Windows Analysis Report
Kameta Setup 1.0.0.exe

Overview

General Information

Sample name: Kameta Setup 1.0.0.exe
Analysis ID: 1568018
MD5: 0157b710ec82b63db471a4030979fbd3
SHA1: 03e1e97522f61193836a6f2b489699ba5b087b5e
SHA256: 4bcd67e69705a2aed00ecfb30e2e9f05af8a0e00d5cb787e8427d100f766ca54

Detection

Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Multi AV Scanner detection for submitted file
Drops large PE files
Excessive usage of taskkill to terminate processes
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Sigma detected: Rare Remote Thread Creation By Uncommon Source Image
Suspicious powershell command line found
Tries to harvest and steal browser information (history, passwords, etc)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Stores files to the Windows start menu directory
Too many similar processes found
Uses 32bit PE files
Uses taskkill to terminate processes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64native
  • Kameta Setup 1.0.0.exe (PID: 7476 cmdline: "C:\Users\user\Desktop\Kameta Setup 1.0.0.exe" MD5: 0157B710EC82B63DB471A4030979FBD3)
    • cmd.exe (PID: 564 cmdline: cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq KametaSetup.exe" | %SYSTEMROOT%\System32\find.exe "KametaSetup.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 5908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 6592 cmdline: tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq KametaSetup.exe" MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • find.exe (PID: 4176 cmdline: C:\Windows\System32\find.exe "KametaSetup.exe" MD5: 31D06677CD9ACA84EA2E2E8E3BF22D65)
  • KametaSetup.exe (PID: 1960 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe" MD5: 7153F5DCF75B41969A641F98F370D035)
    • dllhost.exe (PID: 7760 cmdline: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} MD5: 08EB78E5BE019DF044C26B14703BD1FA)
    • cmd.exe (PID: 4708 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3528 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • WMIC.exe (PID: 3364 cmdline: wmic bios get smbiosbiosversion MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
    • cmd.exe (PID: 6408 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 7368 cmdline: taskkill /IM chrome.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7868 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 7208 cmdline: taskkill /IM msedge.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4496 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 7936 cmdline: taskkill /IM brave.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5896 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 5556 cmdline: taskkill /IM firefox.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8132 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5292 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 5176 cmdline: taskkill /IM opera.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2372 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 1472 cmdline: taskkill /IM kometa.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6296 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 2384 cmdline: taskkill /IM orbitum.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7612 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 4528 cmdline: taskkill /IM centbrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4072 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 4156 cmdline: taskkill /IM 7star.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5268 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 5116 cmdline: taskkill /IM sputnik.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 840 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 2472 cmdline: taskkill /IM vivaldi.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5708 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 564 cmdline: taskkill /IM epicprivacybrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • Conhost.exe (PID: 4160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 5148 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 3188 cmdline: taskkill /IM uran.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8180 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1776 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 5932 cmdline: taskkill /IM yandex.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3672 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • Conhost.exe (PID: 2052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 4600 cmdline: taskkill /IM iridium.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • KametaSetup.exe (PID: 3492 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 --field-trial-handle=2164,i,4496418610188938709,3673006249635420347,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: 7153F5DCF75B41969A641F98F370D035)
    • cmd.exe (PID: 932 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 1816 cmdline: tasklist /FI "IMAGENAME eq msedge.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
      • Conhost.exe (PID: 5288 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • Conhost.exe (PID: 7464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • Conhost.exe (PID: 5980 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • Conhost.exe (PID: 5932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
            • Conhost.exe (PID: 1340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
            • Conhost.exe (PID: 8772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • Conhost.exe (PID: 8196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 6192 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6684 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 5700 cmdline: tasklist /FI "IMAGENAME eq chrome.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7792 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 3444 cmdline: tasklist /FI "IMAGENAME eq firefox.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7996 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 3052 cmdline: tasklist /FI "IMAGENAME eq iexplore.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 812 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 7536 cmdline: tasklist /FI "IMAGENAME eq iexplore.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
      • Conhost.exe (PID: 4504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 7656 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • WMIC.exe (PID: 436 cmdline: wmic MemoryChip get /format:list MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
      • find.exe (PID: 3992 cmdline: find /i "Speed" MD5: AE3F3DC3ED900F2A582BAD86A764508C)
    • cmd.exe (PID: 6860 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • WMIC.exe (PID: 4496 cmdline: wmic path win32_VideoController get name MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
    • cmd.exe (PID: 7936 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2256 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 6068 cmdline: taskkill /IM chrome.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7208 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6296 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 3424 cmdline: taskkill /IM msedge.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4412 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 7688 cmdline: taskkill /IM brave.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6920 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 6292 cmdline: taskkill /IM firefox.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3676 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 1036 cmdline: taskkill /IM opera.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7716 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 5148 cmdline: taskkill /IM kometa.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5968 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 3672 cmdline: taskkill /IM orbitum.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3188 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 6980 cmdline: taskkill /IM centbrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8180 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 5900 cmdline: taskkill /IM 7star.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5776 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3580 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 2884 cmdline: taskkill /IM sputnik.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6332 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 3180 cmdline: taskkill /IM vivaldi.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5408 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 628 cmdline: taskkill /IM epicprivacybrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6236 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 436 cmdline: taskkill /IM uran.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5352 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6712 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 4420 cmdline: taskkill /IM yandex.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7240 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2192 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 956 cmdline: taskkill /IM iridium.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 476 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 4124 cmdline: tasklist /FI "IMAGENAME eq msedge.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 3532 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 6720 cmdline: tasklist /FI "IMAGENAME eq iexplore.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 4592 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 6096 cmdline: tasklist /FI "IMAGENAME eq iexplore.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7956 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 6084 cmdline: tasklist /FI "IMAGENAME eq chrome.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 1580 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5076 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 1636 cmdline: tasklist /FI "IMAGENAME eq firefox.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7632 cmdline: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • powershell.exe (PID: 7668 cmdline: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName MD5: 04029E121A0CFA5991749937DD22A1D9)
    • KametaSetup.exe (PID: 5380 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2572 --field-trial-handle=2164,i,4496418610188938709,3673006249635420347,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 MD5: 7153F5DCF75B41969A641F98F370D035)
    • chrome.exe (PID: 2484 cmdline: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000 MD5: BB7C48CDDDE076E7EB44022520F40F77)
      • chrome.exe (PID: 7440 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --no-subproc-heap-profiling --field-trial-handle=1792,i,5804519358371778513,5412243418019726563,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2100 /prefetch:3 MD5: BB7C48CDDDE076E7EB44022520F40F77)
    • cmd.exe (PID: 4964 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5700 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • WMIC.exe (PID: 2472 cmdline: wmic bios get smbiosbiosversion MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
    • cmd.exe (PID: 7020 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • WMIC.exe (PID: 5148 cmdline: wmic MemoryChip get /format:list MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
      • find.exe (PID: 2508 cmdline: find /i "Speed" MD5: AE3F3DC3ED900F2A582BAD86A764508C)
    • cmd.exe (PID: 4508 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • WMIC.exe (PID: 3588 cmdline: wmic path win32_VideoController get name MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
    • cmd.exe (PID: 5060 cmdline: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • powershell.exe (PID: 2328 cmdline: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 4440 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7216 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • WMIC.exe (PID: 1340 cmdline: wmic bios get smbiosbiosversion MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
        • Conhost.exe (PID: 8460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 6504 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 596 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • WMIC.exe (PID: 4964 cmdline: wmic MemoryChip get /format:list MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
      • find.exe (PID: 2436 cmdline: find /i "Speed" MD5: AE3F3DC3ED900F2A582BAD86A764508C)
    • cmd.exe (PID: 6908 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • WMIC.exe (PID: 564 cmdline: wmic path win32_VideoController get name MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
    • cmd.exe (PID: 3588 cmdline: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • powershell.exe (PID: 4592 cmdline: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName MD5: 04029E121A0CFA5991749937DD22A1D9)
    • msedge.exe (PID: 4604 cmdline: "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000 MD5: 40AAE14A5C86EA857FA6E5FED689C48E)
      • msedge.exe (PID: 6084 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,8724771713764745435,9521847868225282173,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2440 /prefetch:3 MD5: 40AAE14A5C86EA857FA6E5FED689C48E)
    • cmd.exe (PID: 2084 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1148 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • WMIC.exe (PID: 3248 cmdline: wmic bios get smbiosbiosversion MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
        • Conhost.exe (PID: 6108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 4560 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • WMIC.exe (PID: 2312 cmdline: wmic MemoryChip get /format:list MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
      • find.exe (PID: 444 cmdline: find /i "Speed" MD5: AE3F3DC3ED900F2A582BAD86A764508C)
    • cmd.exe (PID: 6192 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • WMIC.exe (PID: 828 cmdline: wmic path win32_VideoController get name MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
    • cmd.exe (PID: 3528 cmdline: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • Conhost.exe (PID: 5272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • Conhost.exe (PID: 5344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • powershell.exe (PID: 5904 cmdline: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName MD5: 04029E121A0CFA5991749937DD22A1D9)
    • dllhost.exe (PID: 7088 cmdline: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} MD5: 08EB78E5BE019DF044C26B14703BD1FA)
    • cmd.exe (PID: 8180 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • WMIC.exe (PID: 6804 cmdline: wmic bios get smbiosbiosversion MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
        • Conhost.exe (PID: 8240 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 7464 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • WMIC.exe (PID: 2052 cmdline: wmic MemoryChip get /format:list MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
      • find.exe (PID: 2608 cmdline: find /i "Speed" MD5: AE3F3DC3ED900F2A582BAD86A764508C)
        • Conhost.exe (PID: 9112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 4444 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • Conhost.exe (PID: 2080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • Conhost.exe (PID: 4504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 5540 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • Conhost.exe (PID: 3892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 7632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • Conhost.exe (PID: 4956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 6832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8704 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 9072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • Conhost.exe (PID: 6108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • Conhost.exe (PID: 8020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • Conhost.exe (PID: 8988 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 5032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 4160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • Conhost.exe (PID: 8516 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8652 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • Conhost.exe (PID: 8680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8740 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 5288 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • Conhost.exe (PID: 8312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8268 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • Conhost.exe (PID: 5932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 6572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8844 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 9020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • Conhost.exe (PID: 1108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • Conhost.exe (PID: 4132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 5032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • Conhost.exe (PID: 2848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8844 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 9120 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • Conhost.exe (PID: 8332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8248 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8656 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • Conhost.exe (PID: 8484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 9040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 7632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 6108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • Conhost.exe (PID: 8528 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 5032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • Conhost.exe (PID: 8544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8512 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • Conhost.exe (PID: 8540 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 4504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 9188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 9140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8728 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8704 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 3892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8652 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8288 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 3892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 6192 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 2108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 6108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8668 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 8696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • Conhost.exe (PID: 9040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Threat createdAuthor: Perez Diego (@darkquassar), oscd.community: Data: EventID: 8, SourceImage: C:\Windows\System32\wbem\WMIC.exe, SourceProcessId: 4496, StartAddress: E3C7ADB0, TargetImage: C:\Windows\System32\cmd.exe, TargetProcessId: 4496
Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000, CommandLine: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000, CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe" , ParentImage: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe, ParentProcessId: 1960, ParentProcessName: KametaSetup.exe, ProcessCommandLine: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000, ProcessId: 2484, ProcessName: chrome.exe
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, CommandLine: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7632, ParentProcessName: cmd.exe, ProcessCommandLine: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, ProcessId: 7668, ProcessName: powershell.exe
No Suricata rule has matched

AV Detection

Source: Kameta Setup 1.0.0.exeVirustotal: Detection: 7%
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_3a9b6098-4
Source: Kameta Setup 1.0.0.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7f8d2dd2-ffce-55a8-ade7-0b57674516b0
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsy443.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\LICENSE.electron.txt
Source: Kameta Setup 1.0.0.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\dpapi\dpapi\build\Release\dpapi.pdb source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile opened: C:\Users\user
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local\Programs
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local\Programs\unrealgame
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile opened: C:\Users\user\AppData
Source: chrome.exeMemory has grown: Private usage: 8MB later: 30MB
Source: Joe Sandbox ViewIP Address: 18.173.166.7 18.173.166.7
Source: Joe Sandbox ViewIP Address: 162.159.61.3 162.159.61.3
Source: Joe Sandbox ViewIP Address: 172.64.41.3 172.64.41.3
Source: unknownTCP traffic detected without corresponding DNS query: 38.172.200.46
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEIrJ7OAQiJo84BCOSvzgEIw7bOAQi9uc4BCO28zgEIu73OAQjWvc4BCMy/zgEYwcvMARi9rs4BGJ2xzgE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEIrJ7OAQiJo84BCOSvzgEIw7bOAQi9uc4BCO28zgEIu73OAQjWvc4BCMy/zgEYwcvMARi9rs4BGJ2xzgE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global trafficDNS traffic detected: DNS query: api.gofile.io
Source: global trafficDNS traffic detected: DNS query: file.io
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: ntp.msn.com
Source: global trafficDNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global trafficDNS traffic detected: DNS query: assets.msn.com
Source: global trafficDNS traffic detected: DNS query: api.msn.com
Source: global trafficDNS traffic detected: DNS query: c.msn.com
Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global trafficDNS traffic detected: DNS query: dns.quad9.net
Source: unknownHTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message
Source: global trafficTCP traffic: 192.168.11.20:63924 -> 239.255.255.250:1900
Source: global trafficTCP traffic: 192.168.11.20:54414 -> 239.255.255.250:1900
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://EditorConfig.org
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://allyoucanleet.com/)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://blog.izs.me)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://blog.izs.me/)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://blog.izs.me/post/59142742143/designing-apis-for-asynchrony)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://christalkington.com/
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ci.testling.com/substack/node-concat-map)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ci.testling.com/substack/node-concat-map.png)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://connalle.blogspot.com/2013/10/topological-sortingkahn-algorithm.html
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cr.yp.to/djb.html
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://creativecommons.org/publicdomain/zero/1.0/
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://debuggable.com/)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://dev.w3.org/csswg/css-color/#hwb-to-rgb
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.amazonwebservices.com/general/latest/gr/signature-version-4.html
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.aws.amazon.com/general/latest/gr/rande.html
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://dojofoundation.org/
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ecma-international.org/ecma-262/6.0/#sec-object.keys)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ecma-international.org/ecma-262/6.0/#sec-object.prototype.tostring)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ecma-international.org/ecma-262/6.0/#sec-patterns).
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ecma-international.org/ecma-262/6.0/#sec-properties-of-the-map-prototype-object)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ecma-international.org/ecma-262/6.0/#sec-samevaluezero)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ecma-international.org/ecma-262/6.0/#sec-tolength).
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-ecmascript-function-objects-call-thisargument-argume
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-object.keys)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-object.prototype.tostring)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-patterns).
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-properties-of-the-map-prototype-object)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-template-literal-lexical-components).
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-tolength).
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://eev.ee/blog/2015/09/12/dark-corners-of-unicode/).
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/archiverjs/archiver-utils#readme
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/archiverjs/archiver-utils.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/archiverjs/archiver-utils/blob/master/LICENSE
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/archiverjs/node-archiver
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/archiverjs/node-archiver.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/archiverjs/node-archiver/blob/master/LICENSE
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/archiverjs/node-archiver/blob/master/LICENSE-MIT
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/archiverjs/node-compress-commons
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/archiverjs/node-compress-commons.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/archiverjs/node-compress-commons/blob/master/LICENSE-MIT
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/archiverjs/node-crc32-stream
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/archiverjs/node-crc32-stream.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/archiverjs/node-crc32-stream/blob/master/LICENSE-MIT
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/arekinath/node-getpass.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/aws/aws-sdk-java-v2/blob/dc695de6ab49ad03934e1b02e7263abbd2354be0/core/auth/src/m
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/aws/aws-sdk-js/blob/18cb7e5b463b46239f9fdd4a65e2ff8c81831e8f/lib/signers/v4.js#L1
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/axios/axios.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/axios/axios/issues/69
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/beatgammit/base64-js
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/beatgammit/base64-js/issues/42
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/bestiejs/punycode.js
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/bnjmnt4n/lodash-cli.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/bradhugh/node-dpapi
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/brianloveswords/buffer-crc32
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/brianloveswords/buffer-crc32/raw/master/LICENSE
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/calvinmetcalf/process-nextick-args
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/calvinmetcalf/process-nextick-args.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/caolan/async.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/chalk/ansi-regex?sponsor=1
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/chalk/ansi-styles?sponsor=1
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/chalk/strip-ansi?sponsor=1
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/chalk/wrap-ansi?sponsor=1
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/chalker/safer-buffer#why-not-safe-buffer)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/chalker/safer-buffer#why-not-safe-buffer).
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/cloudflare/workerd/issues/902
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/colorjs/color-name
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/cthackers)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/cthackers/adm-zip
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/cthackers/adm-zip.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/dchest/tweetnacl-js.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/dchest/tweetnacl-util-js
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/dominictarr/rc.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/epoberezkin/fast-deep-equal#readme
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/epoberezkin/fast-deep-equal.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/epoberezkin/fast-json-stable-stringify
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/epoberezkin/fast-json-stable-stringify)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/eslint/eslint/issues/7983.
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/facebook/react-native/pull/1632
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/felixge/node-combined-stream
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/felixge/node-delayed-stream
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/felixge/node-form-data/issues/38
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/feross/buffer
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/feross/buffer/issues/154
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/feross/buffer/issues/166
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/feross/buffer/issues/219
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/feross/buffer/pull/148
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/feross/safe-buffer
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/floodyberry/poly1305-donna
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/floodyberry/poly1305-donna)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/follow-redirects/follow-redirects
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/form-data/form-data/issues/196
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/form-data/form-data/issues/262
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/form-data/form-data/issues/40
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/friederbluemle)).
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/holepunchto/b4a#readme
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/holepunchto/b4a.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/holepunchto/bare-events#readme
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/holepunchto/bare-events.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/hughsk/is-typedarray
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iarna/aproba
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iarna/are-we-there-yet
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iarna/are-we-there-yet.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iarna/are-we-there-yet/pull/92)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iarna/console-control-strings
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iarna/gauge
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iarna/has-unicode
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iarna/wide-align
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs).
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/color-support.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/fs.realpath.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/ignore-walk.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/inflight
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/isexe#readme
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/isexe.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/jackspeak.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/minimatch
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/minipass
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/node-glob/issues/570
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/node-graceful-fs
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/node-graceful-fs/issues/4
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/package-json-from-dist.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/path-scurry
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jashkenas/underscore/pull/1247
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jcrugzz)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jonschlinkert)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jonschlinkert/normalize-path
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/joyeecheung/node-dep-codemod#dep005)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/joyent/eng/blob/master/docs/index.md)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/joyent/joyent-gerrit/blob/master/docs/user/README.md).
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/joyent/node
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/joyent/node-asn1.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/joyent/node-http-signature/
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/joyent/node/issues/7819
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jpommerening/node-lazystream
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jpommerening/node-lazystream.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jprichardson/node-fs-extra
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jprichardson/node-fs-extra/issues/269
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/juliangruber/balanced-match
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/juliangruber/brace-expansion
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/juliangruber/isarray
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/justmoon/node-extend.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/kaielvin/jsbn-ec-point-compression
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/libuv/libuv/pull/1088
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/ljharb
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/lodash/lodash
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/lodash/lodash.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/end-of-stream
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/fast-fifo
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/fast-fifo.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/fs-constants
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/fs-constants.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/unclechu/node-deep-extend/master/LICENSE
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://registry.npmjs.org/
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ruben.verborgh.org/)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://secure.travis-ci.org/substack/node-concat-map.png)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://server.net/
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sheetjs.com/
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sindresorhus.com
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sindresorhus.com)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://streams.spec.whatwg.org/#example-manual-write-with-backpressure
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-%typedarray%-intrinsic-object
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#table-typeof-operator-results
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tidelift.com/security).
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3339#appendix-C
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3986#appendix-A
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc6570
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc6901
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tweetnacl.js.org
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webidl.spec.whatwg.org/#es-dictionary
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ahmadnassri.com/)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.archiverjs.com/zip-stream/ZipStream.html
Source: KametaSetup.exe, 00000006.00000000.95204320670.00007FF7CC972000.00000002.00000001.01000000.0000000D.sdmp, KametaSetup.exe, 00000038.00000000.95257637760.00007FF7CC972000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.cisco.com/c/en/us/about/legal/privacy-full.html
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-promise.all
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gnu.org/software/bash/manual/html_node/Programmable-Completion-Builtins.html
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.isecpartners.com/blog/2011/february/double-hmac-
Source: KametaSetup.exe, 00000006.00000000.95204320670.00007FF7CC972000.00000002.00000001.01000000.0000000D.sdmp, KametaSetup.exe, 00000038.00000000.95257637760.00007FF7CC972000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.nic.cz/odvr/
Source: KametaSetup.exe, 00000006.00000000.95204320670.00007FF7CC972000.00000002.00000001.01000000.0000000D.sdmp, KametaSetup.exe, 00000038.00000000.95257637760.00007FF7CC972000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.nic.cz/odvr/CZ.NIC
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/babel-polyfill)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/buffer-alloc)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/buffer-from)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/form-data
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/safe-buffer)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/safer-buffer)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.patreon.com/feross
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8288.html#section-3
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.safaribooksonline.com/library/view/regular-expressions-cookbook/9780596802837/ch07s16.ht
Source: Conhost.exe Process created: 166
Source: conhost.exe Process created: 92
Source: cmd.exe Process created: 142

System Summary

Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe File dump: KametaSetup.exe.0.dr 162028032
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe File dump: KametaSetup.exe0.0.dr 162028032
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Process token adjusted: Security
Source: libEGL.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: KametaSetup.exe0.0.dr Static PE information: Number of sections : 16 > 10
Source: KametaSetup.exe.0.dr Static PE information: Number of sections : 16 > 10
Source: libGLESv2.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: vk_swiftshader.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: vulkan-1.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: ffmpeg.dll0.0.dr Static PE information: Number of sections : 11 > 10
Source: ffmpeg.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: Kameta Setup 1.0.0.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: mal84.troj.spyw.evad.winEXE@998/189@13/10
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Programs
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Mutant created: \Sessions\1\BaseNamedObjects\7f8d2dd2-ffce-55a8-ade7-0b57674516b0
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:596:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2504:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1856:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5184:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2256:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1148:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6236:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2312:120:WilError_03
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsi396.tmp
Source: Kameta Setup 1.0.0.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "epicprivacybrowser.exe")
Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'KAMETASETUP.EXE'
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "brave.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "firefox.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "opera.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "kometa.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "orbitum.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "centbrowser.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "7star.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "sputnik.exe")
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "kometa.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vivaldi.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "epicprivacybrowser.exe")
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "orbitum.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "uran.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "yandex.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "iridium.exe")
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'MSEDGE.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'CHROME.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'FIREFOX.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "yandex.exe")
Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "uran.exe")
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "brave.exe")
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "brave.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "firefox.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "opera.exe")
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "uran.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "kometa.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "orbitum.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "centbrowser.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "7star.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "sputnik.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vivaldi.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "epicprivacybrowser.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "uran.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "yandex.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "iridium.exe")
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'MSEDGE.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'CHROME.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'FIREFOX.EXE'
Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'CHROME.EXE'
Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vivaldi.exe")
Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "kometa.exe")
Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "epicprivacybrowser.exe")
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'CHROME.EXE'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\Conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "yandex.exe")
Source: C:\Windows\System32\Conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "yandex.exe")
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: Kameta Setup 1.0.0.exeVirustotal: Detection: 7%
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile read: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
Source: unknownProcess created: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe "C:\Users\user\Desktop\Kameta Setup 1.0.0.exe"
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq KametaSetup.exe" | %SYSTEMROOT%\System32\find.exe "KametaSetup.exe"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq KametaSetup.exe"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\find.exe C:\Windows\System32\find.exe "KametaSetup.exe"
Source: unknownProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 --field-trial-handle=2164,i,4496418610188938709,3673006249635420347,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2572 --field-trial-handle=2164,i,4496418610188938709,3673006249635420347,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --no-subproc-heap-profiling --field-trial-handle=1792,i,5804519358371778513,5412243418019726563,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2100 /prefetch:3
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,8724771713764745435,9521847868225282173,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2440 /prefetch:3
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\wbem\WMIC.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\wbem\WMIC.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\wbem\WMIC.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\find.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq KametaSetup.exe" | %SYSTEMROOT%\System32\find.exe "KametaSetup.exe"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq KametaSetup.exe"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\find.exe C:\Windows\System32\find.exe "KametaSetup.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 --field-trial-handle=2164,i,4496418610188938709,3673006249635420347,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversionJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: shfolder.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: riched20.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: usp10.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: msls31.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: sxs.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\find.exeSection loaded: ulib.dllJump to behavior
Source: C:\Windows\SysWOW64\find.exeSection loaded: fsutilext.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: ffmpeg.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: uiautomationcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: kbdus.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: windows.ui.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: mscms.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: coloradapterclient.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: mmdevapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: devobj.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\dllhost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: thumbcache.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: propsys.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: photometadatahandler.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: windowscodecs.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: mfsrcsnk.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: mfplat.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: rtworkq.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: msmpeg2vdec.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: mfperfhelper.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: dxva2.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: msvproc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: dxcore.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq KametaSetup.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7f8d2dd2-ffce-55a8-ade7-0b57674516b0
Source: Kameta Setup 1.0.0.exeStatic file information: File size 79764652 > 1048576
Source: Kameta Setup 1.0.0.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\dpapi\dpapi\build\Release\dpapi.pdb source: Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: ffmpeg.dll.0.drStatic PE information: section name: .00cfg
Source: ffmpeg.dll.0.drStatic PE information: section name: .gxfg
Source: ffmpeg.dll.0.drStatic PE information: section name: .retplne
Source: ffmpeg.dll.0.drStatic PE information: section name: .voltbl
Source: ffmpeg.dll.0.drStatic PE information: section name: _RDATA
Source: KametaSetup.exe.0.drStatic PE information: section name: .00cfg
Source: KametaSetup.exe.0.drStatic PE information: section name: .gxfg
Source: KametaSetup.exe.0.drStatic PE information: section name: .retplne
Source: KametaSetup.exe.0.drStatic PE information: section name: .rodata
Source: KametaSetup.exe.0.drStatic PE information: section name: .voltbl
Source: KametaSetup.exe.0.drStatic PE information: section name: CPADinfo
Source: KametaSetup.exe.0.drStatic PE information: section name: LZMADEC
Source: KametaSetup.exe.0.drStatic PE information: section name: _RDATA
Source: KametaSetup.exe.0.drStatic PE information: section name: malloc_h
Source: libEGL.dll.0.drStatic PE information: section name: .00cfg
Source: libEGL.dll.0.drStatic PE information: section name: .gxfg
Source: libEGL.dll.0.drStatic PE information: section name: .retplne
Source: libEGL.dll.0.drStatic PE information: section name: .voltbl
Source: libEGL.dll.0.drStatic PE information: section name: _RDATA
Source: libGLESv2.dll.0.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll.0.drStatic PE information: section name: .gxfg
Source: libGLESv2.dll.0.drStatic PE information: section name: .retplne
Source: libGLESv2.dll.0.drStatic PE information: section name: .voltbl
Source: libGLESv2.dll.0.drStatic PE information: section name: _RDATA
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .00cfg
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .gxfg
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .retplne
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .voltbl
Source: vk_swiftshader.dll.0.drStatic PE information: section name: _RDATA
Source: vulkan-1.dll.0.drStatic PE information: section name: .00cfg
Source: vulkan-1.dll.0.drStatic PE information: section name: .gxfg
Source: vulkan-1.dll.0.drStatic PE information: section name: .retplne
Source: vulkan-1.dll.0.drStatic PE information: section name: .voltbl
Source: vulkan-1.dll.0.drStatic PE information: section name: _RDATA
Source: ffmpeg.dll0.0.drStatic PE information: section name: .00cfg
Source: ffmpeg.dll0.0.drStatic PE information: section name: .gxfg
Source: ffmpeg.dll0.0.drStatic PE information: section name: .retplne
Source: ffmpeg.dll0.0.drStatic PE information: section name: .voltbl
Source: ffmpeg.dll0.0.drStatic PE information: section name: _RDATA
Source: KametaSetup.exe0.0.drStatic PE information: section name: .00cfg
Source: KametaSetup.exe0.0.drStatic PE information: section name: .gxfg
Source: KametaSetup.exe0.0.drStatic PE information: section name: .retplne
Source: KametaSetup.exe0.0.drStatic PE information: section name: .rodata
Source: KametaSetup.exe0.0.drStatic PE information: section name: .voltbl
Source: KametaSetup.exe0.0.drStatic PE information: section name: CPADinfo
Source: KametaSetup.exe0.0.drStatic PE information: section name: LZMADEC
Source: KametaSetup.exe0.0.drStatic PE information: section name: _RDATA
Source: KametaSetup.exe0.0.drStatic PE information: section name: malloc_h
Source: fd77d606-9453-490c-8007-c226cd9bde19.tmp.node.6.drStatic PE information: section name: _RDATA
Source: a819d0f4-7c52-44cc-9196-ee30b5d859f0.tmp.node.6.drStatic PE information: section name: .didat
Source: a819d0f4-7c52-44cc-9196-ee30b5d859f0.tmp.node.6.drStatic PE information: section name: .00cfg
Source: a819d0f4-7c52-44cc-9196-ee30b5d859f0.tmp.node.6.drStatic PE information: section name: _RDATA
Source: 7a210616-f225-4fbb-9116-7b3e207c87cd.tmp.node.6.drStatic PE information: section name: _RDATA
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsy443.tmp\7z-out\libEGL.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsy443.tmp\7z-out\ffmpeg.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsy443.tmp\7z-out\libGLESv2.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeFile created: C:\Users\user\AppData\Local\Temp\a819d0f4-7c52-44cc-9196-ee30b5d859f0.tmp.node
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsy443.tmp\nsExec.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsy443.tmp\StdUtils.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsy443.tmp\System.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsy443.tmp\7z-out\vulkan-1.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsy443.tmp\7z-out\vk_swiftshader.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsy443.tmp\SpiderBanner.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsy443.tmp\7z-out\resources\elevate.exe
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeFile created: C:\Users\user\AppData\Local\Temp\7a210616-f225-4fbb-9116-7b3e207c87cd.tmp.node
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsy443.tmp\7z-out\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsy443.tmp\7z-out\KametaSetup.exe
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\ffmpeg.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsy443.tmp\nsis7z.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeFile created: C:\Users\user\AppData\Local\Temp\fd77d606-9453-490c-8007-c226cd9bde19.tmp.node
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeFile created: C:\Users\user\AppData\Local\Temp\91b65e4e-3f35-4a6e-a6cc-4e10bbb5c54c.tmp.node
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsy443.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\LICENSE.electron.txt
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KametaSetup.lnk
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\conhost.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\Conhost.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 9871
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 9886
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 9859
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 9834
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsy443.tmp\7z-out\libEGL.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsy443.tmp\7z-out\libGLESv2.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\a819d0f4-7c52-44cc-9196-ee30b5d859f0.tmp.node
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsy443.tmp\nsExec.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsy443.tmp\StdUtils.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsy443.tmp\System.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsy443.tmp\7z-out\vulkan-1.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsy443.tmp\7z-out\vk_swiftshader.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsy443.tmp\SpiderBanner.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsy443.tmp\7z-out\resources\elevate.exe
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7a210616-f225-4fbb-9116-7b3e207c87cd.tmp.node
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsy443.tmp\7z-out\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsy443.tmp\nsis7z.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\fd77d606-9453-490c-8007-c226cd9bde19.tmp.node
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\91b65e4e-3f35-4a6e-a6cc-4e10bbb5c54c.tmp.node
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1864 Thread sleep count: 9871 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3136 Thread sleep count: 9886 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5132 Thread sleep count: 9859 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5060 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1972 Thread sleep count: 9834 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1972 Thread sleep count: 47 > 30
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010409
Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\conhost.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\Conhost.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe File opened: C:\Users\user
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe File opened: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe File opened: C:\Users\user\AppData\Local\Programs
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe File opened: C:\Users\user\AppData\Local\Programs\unrealgame
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Process information queried: ProcessInformation
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq KametaSetup.exe" | %SYSTEMROOT%\System32\find.exe "KametaSetup.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq KametaSetup.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\find.exe C:\Windows\System32\find.exe "KametaSetup.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 --field-trial-handle=2164,i,4496418610188938709,3673006249635420347,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe "c:\users\user\appdata\local\programs\unrealgame\kametasetup.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --gpu-preferences=uaaaaaaaaadgaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaqaaaaaaaaaaaaaaaaaaaaaaaaaegaaaaaaaaasaaaaaaaaaayaaaaagaaabaaaaaaaaaagaaaaaaaaaaqaaaaaaaaaaaaaaaoaaaaeaaaaaaaaaabaaaadgaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=2044 --field-trial-handle=2164,i,4496418610188938709,3673006249635420347,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe "c:\users\user\appdata\local\programs\unrealgame\kametasetup.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-us --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --mojo-platform-channel-handle=2572 --field-trial-handle=2164,i,4496418610188938709,3673006249635420347,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe "c:\users\user\appdata\local\programs\unrealgame\kametasetup.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --gpu-preferences=uaaaaaaaaadgaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaqaaaaaaaaaaaaaaaaaaaaaaaaaegaaaaaaaaasaaaaaaaaaayaaaaagaaabaaaaaaaaaagaaaaaaaaaaqaaaaaaaaaaaaaaaoaaaaeaaaaaaaaaabaaaadgaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=2044 --field-trial-handle=2164,i,4496418610188938709,3673006249635420347,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2
Source: KametaSetup.exe, 00000006.00000000.95204320670.00007FF7CC972000.00000002.00000001.01000000.0000000D.sdmp, KametaSetup.exe, 00000038.00000000.95257637760.00007FF7CC972000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: ..\..\electron\shell\browser\ui\views\electron_views_delegate_win.ccGetAppbarAutohideEdgesShell_TrayWnd
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\nlbkmzhggxlk VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\nlbkmzhggxlk\Autofill VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\nlbkmzhggxlk\Cookies VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\nlbkmzhggxlk\Passwords VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\nlbkmzhggxlk\Autofill VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\nlbkmzhggxlk VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\nlbkmzhggxlk VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\nlbkmzhggxlk\Autofill VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Program Files\Google\Chrome\Application\chrome.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\AutofillRegex VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\extensions_crx_cache VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\FirstPartySetsPreloaded VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Floc VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\hyphen-data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\MEIPreload VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OptimizationHints VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\segmentation_platform VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Variations VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics-active.pma VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Functional Data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\chrome_default_Cookies.txt VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\edge_default_Cookies.txt VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.ldb VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000004.log VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\Downloads VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\Documents VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\all-files-3wRmoN VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\all-files-3wRmoN VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\all-files-3wRmoN VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\all-files.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0196354653 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0196354653 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0353475199 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0409654664 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0982390758 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1033868256 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1033868256 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1343496627 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1343496627 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1422339599 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1422339599 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1927994670 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\2160417493 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\2168651637 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\3677062445 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\4683256203 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\4683256203 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\6183211589 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\6213653276 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\6213653276 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7155756679 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\8300215382 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\8351801105 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9217021447 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9275373402 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9925478147 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9925478147 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrocef_low VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrord32_sbx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\B018D45B-96A4-4B60-BED4-BC78D47B50F2 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\B018D45B-96A4-4B60-BED4-BC78D47B50F2\en-US VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\47114209A62F3B9930F6B8998DFD4A991 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TCDE707.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TCDE708.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TCDE813.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{670045ED-838A-445B-A8C6-FF9D54DA77FF} VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{670045ED-838A-445B-A8C6-FF9D54DA77FF} VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default

Remote Access Functionality

Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 211 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 111 Disable or Modify Tools | 1 OS Credential Dumping | 1 Network Service Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | 1 Windows Service | 1 Extra Window Memory Injection | 1 DLL Side-Loading | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | 1 Registry Run Keys / Startup Folder | 1 Windows Service | 1 Extra Window Memory Injection | Security Account Manager | 33 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Remote Access Software | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 12 Process Injection | 11 Masquerading | NTDS | 2 Security Software Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Registry Run Keys / Startup Folder | 121 Virtualization/Sandbox Evasion | LSA Secrets | 3 Process Discovery | SSH | Keylogging | 4 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 12 Process Injection | Cached Domain Credentials | 121 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 Remote System Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
[Behavior graph: ID 1568018, Sample: Kameta Setup 1.0.0.exe, Start date: 04/12/2024, Architecture: WINDOWS, Score: 84]

Source | Detection | Scanner | Label | Link
Kameta Setup 1.0.0.exe | 5% | ReversingLabs | Win32.Malware.Malicord |
Kameta Setup 1.0.0.exe | 7% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\unrealgame\ffmpeg.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\7a210616-f225-4fbb-9116-7b3e207c87cd.tmp.node | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\91b65e4e-3f35-4a6e-a6cc-4e10bbb5c54c.tmp.node | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\a819d0f4-7c52-44cc-9196-ee30b5d859f0.tmp.node | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\fd77d606-9453-490c-8007-c226cd9bde19.tmp.node | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsy443.tmp\7z-out\KametaSetup.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsy443.tmp\7z-out\d3dcompiler_47.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsy443.tmp\7z-out\ffmpeg.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsy443.tmp\7z-out\libEGL.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsy443.tmp\7z-out\libGLESv2.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsy443.tmp\7z-out\resources\elevate.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsy443.tmp\7z-out\vk_swiftshader.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsy443.tmp\7z-out\vulkan-1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsy443.tmp\SpiderBanner.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsy443.tmp\StdUtils.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsy443.tmp\System.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsy443.tmp\nsExec.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsy443.tmp\nsis7z.dll | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label | Link
http://wonko.com/post/html-escaping) | 0% | Avira URL Cloud | safe |
http://dev.w3.org/csswg/css-color/#hwb-to-rgb | 0% | Avira URL Cloud | safe |
https://mdn.io/clearTimeout). | 0% | Avira URL Cloud | safe |
http://www.ecma-international.org/ecma-262/7.0/#sec-function.prototype.apply). | 0% | Avira URL Cloud | safe |
https://www.isecpartners.com/blog/2011/february/double-hmac- | 0% | Avira URL Cloud | safe |
https://axios-http.com | 0% | Avira URL Cloud | safe |
https://openjsf.org/ | 0% | Avira URL Cloud | safe |
https://bugs.chromium.org/p/v8/issues/detail?id=90 | 0% | Avira URL Cloud | safe |
http://ecma-international.org/ecma-262/7.0/#sec-properties-of-the-map-prototype-object) | 0% | Avira URL Cloud | safe |
http://ecma-international.org/ecma-262/7.0/#sec-ecmascript-function-objects-call-thisargument-argume | 0% | Avira URL Cloud | safe |
http://www.ecma-international.org/ecma-262/5.1/#sec-8.6) | 0% | Avira URL Cloud | safe |
http://www.cs.ru.nl/~sjakie/ | 0% | Avira URL Cloud | safe |
https://blueoakcouncil.org/license/1.0.0 | 0% | Avira URL Cloud | safe |
http://ci.testling.com/substack/node-concat-map.png) | 0% | Avira URL Cloud | safe |
http://nodejs.org) | 0% | Avira URL Cloud | safe |
http://www.ecma-international.org/ecma-262/7.0/#sec-function.prototype.apply). | 0% | Virustotal | | Browse
http://peter.michaux.ca/articles/lazy-function-definition-pattern) | 0% | Avira URL Cloud | safe |
https://caolan.github.io/async/ | 0% | Avira URL Cloud | safe |
http://ecma-international.org/ecma-262/7.0/#sec-tolength). | 0% | Avira URL Cloud | safe |
https://www.isecpartners.com/blog/2011/february/double-hmac- | 0% | Virustotal | | Browse
http://dev.w3.org/csswg/css-color/#hwb-to-rgb | 0% | Virustotal | | Browse
https://mdn.io/Number/isFinite). | 0% | Avira URL Cloud | safe |
http://hyperelliptic.org/tanja | 0% | Avira URL Cloud | safe |
https://lodash.com/custom-builds). | 0% | Avira URL Cloud | safe |
https://streams.spec.whatwg.org/#example-manual-write-with-backpressure | 0% | Avira URL Cloud | safe |
http://juliangruber.com | 0% | Avira URL Cloud | safe |
http://ecma-international.org/ecma-262/6.0/#sec-tolength). | 0% | Avira URL Cloud | safe |
https://mdn.io/clearTimeout). | 0% | Virustotal | | Browse
http://cr.yp.to/djb.html | 0% | Avira URL Cloud | safe |
http://ecma-international.org/ecma-262/6.0/#sec-properties-of-the-map-prototype-object) | 0% | Avira URL Cloud | safe |
https://mdn.io/spread_operator). | 0% | Avira URL Cloud | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
file.io | 143.244.215.221 | true | false | | high
chrome.cloudflare-dns.com | 162.159.61.3 | true | false | | high
dns.quad9.net | 149.112.112.112 | true | false | | high
sb.scorecardresearch.com | 18.173.166.7 | true | false | | high
www.google.com | 142.251.35.228 | true | false | | high
api.gofile.io | 94.139.32.3 | true | false | | high
assets.msn.com | unknown | unknown | false | | high
c.msn.com | unknown | unknown | false | | high
ntp.msn.com | unknown | unknown | false | | high
api.msn.com | unknown | unknown | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
http://wonko.com/post/html-escaping) | Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://github.com/yargs/set-blocking.git | Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://github.com/primno/dpapi#readme | Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://github.com/stefanpenner/get-caller-file#readme | Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://github.com/mathiasbynens/emoji-regex.git | Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://github.com/nodejs/node/pull/35941 | Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://github.com/moxystudio/node-cross-spawn | Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://github.com/nodejs/string_decoder | Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://github.com/holepunchto/b4a.git | Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://github.com/isaacs). | Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://www.isecpartners.com/blog/2011/february/double-hmac- | Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://www.ecma-international.org/ecma-262/7.0/#sec-function.prototype.apply). | Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://dev.w3.org/csswg/css-color/#hwb-to-rgb | Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://github.com/mikeal/forever-agent | Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/ | KametaSetup.exe, 00000006.00000000.95204320670.00007FF7CC972000.00000002.00000001.01000000.0000000D.sdmp, KametaSetup.exe, 00000038.00000000.95257637760.00007FF7CC972000.00000002.00000001.01000000.0000000D.sdmp | false | | high
https://www.patreon.com/feross | Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://github.com/isaacs/fs.realpath.git | Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://github.com/Gozala/events | Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://github.com/ChALkeR | Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://mdn.io/clearTimeout). | Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://raw.githubusercontent.com/ajv-validator/ajv/master/lib/refs/json-schema-secure.json# | Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://axios-http.com | Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://openjsf.org/ | Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://github.com/jonschlinkert/normalize-path | Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://github.com/prebuild/node-gyp-build | Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmp | false | | high
                                                          https://github.com/ahmadnassri/har-schema.gitKameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpfalse
                                                            high
                                                            http://tools.ietf.org/html/draft-luff-relative-json-pointer-00Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              high
                                                              https://nextdns.io/privacyKametaSetup.exe, 00000006.00000000.95204320670.00007FF7CC972000.00000002.00000001.01000000.0000000D.sdmp, KametaSetup.exe, 00000038.00000000.95257637760.00007FF7CC972000.00000002.00000001.01000000.0000000D.sdmpfalse
                                                                high
                                                                https://bugs.chromium.org/p/v8/issues/detail?id=90Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                https://github.com/nodejs/node/blob/v14.19.3/lib/internal/per_context/primordials.jsKameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://developers.google.com/speed/public-dns/privacyGoogleKametaSetup.exe, 00000006.00000000.95204320670.00007FF7CC972000.00000002.00000001.01000000.0000000D.sdmp, KametaSetup.exe, 00000038.00000000.95257637760.00007FF7CC972000.00000002.00000001.01000000.0000000D.sdmpfalse
                                                                    high
                                                                    https://www.npmjs.com/package/safe-buffer)Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://ecma-international.org/ecma-262/7.0/#sec-properties-of-the-map-prototype-object)Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://doh.opendns.com/dns-queryKametaSetup.exe, 00000006.00000000.95204320670.00007FF7CC972000.00000002.00000001.01000000.0000000D.sdmp, KametaSetup.exe, 00000038.00000000.95257637760.00007FF7CC972000.00000002.00000001.01000000.0000000D.sdmpfalse
                                                                        high
                                                                        https://github.com/mathiasbynens/punycode.js.gitKameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://github.com/nodejs/readable-streamKameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://tools.ietf.org/html/rfc3986#appendix-AKameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://underscorejs.org/LICENSEKameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://github.com/mysticatea/event-target-shim.gitKameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://github.com/rvagg/bl.gitKameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://ecma-international.org/ecma-262/7.0/#sec-ecmascript-function-objects-call-thisargument-argumeKameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://github.com/isaacs/path-scurryKameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://stackoverflow.com/a/1068308/13216Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://www.ecma-international.org/ecma-262/5.1/#sec-8.6)Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        https://github.com/isaacs/node-glob/issues/570Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://github.com/npm/inflight.gitKameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://github.com/libuv/libuv/pull/1088Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://travis-ci.org/substack/node-concat-map)Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://www.cs.ru.nl/~sjakie/Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                unknown
                                                                                                https://github.com/joyeecheung/node-dep-codemod#dep005)Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://tools.ietf.org/html/rfc6901Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://npms.io/search?q=ponyfill.Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://github.com/archiverjs/node-crc32-stream/blob/master/LICENSE-MITKameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://github.com/friederbluemle)).Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://blueoakcouncil.org/license/1.0.0Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          https://github.com/facebook/react-native/pull/1632Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://ci.testling.com/substack/node-concat-map.png)Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            https://github.com/archiverjs/archiver-utils.gitKameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://www.unicode.org/copyright.htmlKameta Setup 1.0.0.exe, 00000000.00000003.94969042730.0000000005E30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://github.com/cthackers)Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://nodejs.org)Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://dns.google/dns-queryKametaSetup.exe, 00000006.00000000.95204320670.00007FF7CC972000.00000002.00000001.01000000.0000000D.sdmp, KametaSetup.exe, 00000038.00000000.95257637760.00007FF7CC972000.00000002.00000001.01000000.0000000D.sdmpfalse
                                                                                                                    high
                                                                                                                    http://peter.michaux.ca/articles/lazy-function-definition-pattern)Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://github.com/RyanZim/universalify.gitKameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://nodejs.org/api/util.html#utilinspectobject-optionsKameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://caolan.github.io/async/Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        https://github.com/juliangruber/balanced-matchKameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://raw.githubusercontent.com/ajv-validator/ajv/master/lib/refs/data.json#Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://github.com/joyent/node-asn1.gitKameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://github.com/vweevers/node-existentKameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/CloudflareKametaSetup.exe, 00000006.00000000.95204320670.00007FF7CC972000.00000002.00000001.01000000.0000000D.sdmp, KametaSetup.exe, 00000038.00000000.95257637760.00007FF7CC972000.00000002.00000001.01000000.0000000D.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://github.com/caolan/async.gitKameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://ecma-international.org/ecma-262/7.0/#sec-tolength).Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    https://github.com/isaacs/isexe.gitKameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://github.com/nodejs/node/issues/8987Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://github.com/sponsors/isaacsKameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://mdn.io/Number/isFinite).Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          unknown
                                                                                                                                          http://hyperelliptic.org/tanjaKameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          unknown
                                                                                                                                          http://tools.ietf.org/html/rfc4122Kameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://github.com/isaacs/minimatchKameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://lodash.com/custom-builds).Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                              unknown
                                                                                                                                              https://streams.spec.whatwg.org/#example-manual-write-with-backpressureKameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                              unknown
                                                                                                                                              http://stackoverflow.com/a/16459606/376773Kameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://github.com/rvagg/isstream.gitKameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://github.com/DigitalBrainJS/AxiosPromise/blob/16deab13710ec09779922131f3fa5954320f83ab/lib/utiKameta Setup 1.0.0.exe, 00000000.00000003.95015690776.0000000006840000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://juliangruber.comKameta Setup 1.0.0.exe, 00000000.00000003.95016533675.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014064225.0000000005230000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.95014873831.0000000005A30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    unknown
IP | Domain | Country | ASN | ASN Name | Malicious
143.244.215.221 | file.io | United States | 174 | COGENT-174US | false
18.173.166.7 | sb.scorecardresearch.com | United States | 3 | MIT-GATEWAYSUS | false
162.159.61.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
94.139.32.3 | api.gofile.io | Belgium | 48813 | ENIX-ASFR | false
149.112.112.112 | dns.quad9.net | United States | 19281 | QUAD9-AS-1US | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.251.35.228 | www.google.com | United States | 15169 | GOOGLEUS | false
38.172.200.46 | unknown | United States | 174 | COGENT-174US | false
                                                                                                                                                                        IP
                                                                                                                                                                        127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1568018
Start date and time: 2024-12-04 06:46:32 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 14m 27s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name: Suspected VM Detection
Number of analysed new started processes analysed: 324
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Kameta Setup 1.0.0.exe
Detection: MAL
Classification: mal84.troj.spyw.evad.winEXE@998/189@13/10
EGA Information: Failed
HCA Information:
                                                                                                                                                                        • Successful, ratio: 100%
                                                                                                                                                                        • Number of executed functions: 0
                                                                                                                                                                        • Number of non-executed functions: 0
                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                        • Exclude process from analysis (whitelisted): Conhost.exe, dllhost.exe
                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 142.250.217.195, 192.178.50.78, 173.194.215.84, 142.250.217.238, 4.152.199.46, 13.107.42.16, 204.79.197.203, 20.96.153.111, 23.50.112.9, 23.50.112.60, 23.50.112.50, 23.50.112.29, 23.50.112.5, 23.50.112.62, 23.50.112.56, 23.50.112.20, 23.50.112.15, 4.152.133.8, 23.204.115.174, 23.204.115.175, 23.50.112.40, 23.50.112.30, 23.50.112.41, 23.50.112.32, 23.50.113.182, 23.50.113.149, 23.50.113.180, 23.50.113.148, 23.50.113.136, 23.50.113.147, 23.50.113.176, 23.50.113.173, 23.50.113.159, 13.107.21.237, 204.79.197.237, 20.110.205.119, 192.178.50.35
                                                                                                                                                                        • Excluded domains from analysis (whitelisted): prod-atm-wds-nav.trafficmanager.net, config.edge.skype.com.trafficmanager.net, data-edge.smartscreen.microsoft.com, img-s-msn-com.akamaized.net, c-msn-com-nsatc.trafficmanager.net, clientservices.googleapis.com, nav.smartscreen.microsoft.com, arc.msn.com, prod-agic-eu2-2.eastus2.cloudapp.azure.com, clients2.google.com, e86303.dscx.akamaiedge.net, redirector.gvt1.com, www.bing.com.edgekey.net, config-edge-skype.l-0007.l-msedge.net, th.bing.com, arc.trafficmanager.net, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, iris-de-prod-azsc-v2-eus2.eastus2.cloudapp.azure.com, e28578.d.akamaiedge.net, prod-agic-eu2-3.eastus2.cloudapp.azure.com, www.bing.com, assets.msn.com.edgekey.net, accounts.google.com, th.bing.com.edgekey.net, c-bing-com.dual-a-0034.a-msedge.net, a-0003.a-msedge.net, ctldl.windowsupdate.com, p-th.bing.com.trafficmanager.net, www-msn-com.a-0003.a-msedge.net, prod-atm-wds-edge.trafficmanager.net, www-www.bing.com.trafficmanager.net, a1834.dsc
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                        • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                        • Report size getting too big, too many NtCreateNamedPipeFile calls found.
                                                                                                                                                                        • Report size getting too big, too many NtOpenKey calls found.
                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                        • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                        • Report size getting too big, too many NtReadFile calls found.
                                                                                                                                                                        • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                        • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
00:48:55 | API Interceptor | 10x Sleep call for process: Kameta Setup 1.0.0.exe modified
00:49:08 | API Interceptor | 2x Sleep call for process: dllhost.exe modified
00:49:12 | API Interceptor | 14x Sleep call for process: WMIC.exe modified
00:49:17 | API Interceptor | 10x Sleep call for process: powershell.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
162.159.61.3 | ton.exe | malicious | Vidar
162.159.61.3 | mtbkkesfthae.exe | malicious | Vidar
162.159.61.3 | pyjnkasedf.exe | malicious | Vidar
162.159.61.3 | file.exe | malicious | Vidar
162.159.61.3 | https://www.wixsite.com/_api/invoice/2d5e7023-6014-4f5e-ab31-c1e25d999b96:9b27124a-a130-45dc-b81f-e5675b538826/view?token=56c18155-b636-4505-b95c-630f3d19901a | malicious | HTMLPhisher
162.159.61.3 | file.exe | malicious | Amadey, Stealc, Vidar
162.159.61.3 | file.exe | malicious | Amadey, Stealc, Vidar
162.159.61.3 | FACTURE NON PAYEE.pdf | malicious | Unknown
162.159.61.3 | file.exe | malicious | Amadey, Stealc, Vidar
162.159.61.3 | file.exe | malicious | Amadey, Stealc, Vidar
143.244.215.221 | iDvmIRCPBw.exe | malicious | Unknown
143.244.215.221 | ZdXUGLQpoL.exe | malicious | Unknown
143.244.215.221 | jaPB8q3WL1.exe | malicious | Unknown
143.244.215.221 | 00514DIRyT.exe | malicious | GO Stealer
18.173.166.7 | http://denverrescuemission.org | malicious | Unknown
18.173.166.7 | https://us22.mailchimp.com/mctx/clicks?url=https%3A%2F%2Fnaport.com.br%2Ftech&xid=b07540652e&uid=212127442&iid=43a204bb7e&pool=cts&v=2&c=1715276467&h=633aae99b87aa03fcfcd4d0ee69f8d68261dff9fc69fccbb3cfe374e7c574b94 | malicious | Unknown
18.173.166.7 | https://www.canva.com/design/DAGFSk_WtMc/9tvbYEvAsxHQ3zuWGK5hkg/view?utm_content=DAGFSk_WtMc&utm_campaign=designshare&utm_medium=link&utm_source=editor | malicious | HTMLPhisher
18.173.166.7 | https://aQ9dXs48VI-xn--p0pr4qy8-xn----c1ac4bxc-xn----p1ai.translate.goog/ccTlEF/lDif3dnSI/aQ9dXs48VI?WW5KNVlXNHVkMjlzWmtCbVlXRXVaMjkyOlBvQWVISmx4c1d1aXZtb0dSUU5v+&_x_tr_sch=http&_x_tr_sl=xgqbBJSb&_x_tr_tl=MZcTUhWl | malicious | Unknown
18.173.166.7 | https://www.canva.com/design/DAF2xkmAPKA/cimYQKQQoBc5t9rIblvZLg/view?utm_content=DAF2xkmAPKA&utm_campaign=designshare&utm_medium=link&utm_source=editor | malicious | Unknown
18.173.166.7 | PDFCastle.exe | malicious | Unknown
172.64.41.3 | ton.exe | malicious | Vidar
172.64.41.3 | Belegdetails Nr378-938-027181-PDF.html | malicious | WinSearchAbuse
172.64.41.3 | mtbkkesfthae.exe | malicious | Vidar
172.64.41.3 | pyjnkasedf.exe | malicious | Vidar
172.64.41.3 | file.exe | malicious | Vidar
172.64.41.3 | kingsmaker_6.ca.ps1 | malicious | Ducktail
172.64.41.3 | Job Description.lnk (2).download.lnk | malicious | Ducktail
172.64.41.3 | Company Booklet.lnk (2).download.lnk | malicious | Ducktail
172.64.41.3 | file.exe | malicious | Amadey, Stealc, Vidar
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                  • 172.67.165.166
                                                                                                                                                                                                                                  Pagamento,jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                  • 104.21.67.152
                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                  • 172.67.165.166
                                                                                                                                                                                                                                  https://www.bing.com/ck/a?!&&p=b3ddcc612c5f63024f18df0521265aa33742187d0b01744f07bf6348af8f753eJmltdHM9MTczMzE4NDAwMA&ptn=3&ver=2&hsh=4&fclid=26e9525e-8a77-6109-2437-46988be9608d&psq=superpitmachinery.com&u=a1aHR0cHM6Ly9zdXBlcnBpdG1hY2hpbmVyeS5jb20v&ntb/#fi-weixiang.ong@falconincorporation.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 104.18.11.207
                                                                                                                                                                                                                                  Invoice268277.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 104.17.25.14
                                                                                                                                                                                                                                  COGENT-174USx86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                  • 206.0.212.27
                                                                                                                                                                                                                                  teste.arm5.elfGet hashmaliciousGafgyt, Mirai, Moobot, OkiruBrowse
                                                                                                                                                                                                                                  • 38.31.207.148
                                                                                                                                                                                                                                  teste.m68k.elfGet hashmaliciousGafgyt, Mirai, Moobot, OkiruBrowse
                                                                                                                                                                                                                                  • 38.177.208.149
                                                                                                                                                                                                                                  teste.x86_64.elfGet hashmaliciousGafgyt, Mirai, Moobot, OkiruBrowse
                                                                                                                                                                                                                                  • 206.234.73.160
                                                                                                                                                                                                                                  teste.mips.elfGet hashmaliciousGafgyt, Mirai, Moobot, OkiruBrowse
                                                                                                                                                                                                                                  • 38.217.51.209
                                                                                                                                                                                                                                  teste.ppc.elfGet hashmaliciousGafgyt, Mirai, Moobot, OkiruBrowse
                                                                                                                                                                                                                                  • 149.127.172.184
                                                                                                                                                                                                                                  teste.mpsl.elfGet hashmaliciousGafgyt, Mirai, Moobot, OkiruBrowse
                                                                                                                                                                                                                                  • 167.141.205.46
                                                                                                                                                                                                                                  m68k.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                  • 38.220.172.164
                                                                                                                                                                                                                                  sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                  • 38.154.20.156
                                                                                                                                                                                                                                  No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dll | uniswap-sniper-bot-with-gui Setup 1.0.0.exe | | malicious | Unknown | |
 | uniswap-sniper-bot-with-gui Setup 1.0.0.exe | | malicious | Unknown | |
 | file_0ff0e043637b4b548deb40664cc0d4bb_2024-11-20_09_05_14_911000.zip | | malicious | Unknown | |
 | OmteV2.exe | | malicious | LummaC Stealer | |
 | Access_latest_x64.msi | | malicious | Unknown | |
 | ExLoader_Installer.exe | | malicious | XWorm | |
 | SecuriteInfo.com.HEUR.Trojan.Script.Generic.5591.10617.exe | | malicious | Unknown | |
 | SecuriteInfo.com.HEUR.Trojan.Script.Generic.5591.10617.exe | | malicious | Unknown | |
 | SecuriteInfo.com.Trojan.GenericFCA.Script.33276.27996.26811.exe | | malicious | Unknown | |
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):26
                                                                                                                                                                                                                                                    Entropy (8bit):3.6864194113487727
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:tAvnXVHjn:tgXVHjn
                                                                                                                                                                                                                                                    MD5:33F0D2B8DEC34BF56C3545C83958964F
                                                                                                                                                                                                                                                    SHA1:63DDE4D4174DFE30F1B1C2766692AFE1C4104FF2
                                                                                                                                                                                                                                                    SHA-256:FE02DF6064A02C4A8590E8BFB88BF55307E1313FE15CC4395CE8795FF932624A
                                                                                                                                                                                                                                                    SHA-512:5F46520B7030E0625F7BEA1FB1F1E8C81E7013697481FA9E5EE2D1DF188968E8B5103DD38F169EC35F3A0ABA3DF14183B637B9545A433EE2029FD1436DCF0BA7
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:INSC.>.....Mar222021151921
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4194304
                                                                                                                                                                                                                                                    Entropy (8bit):0.17066174128954578
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:OiYXAFVgLY3loXb7trS+1ulFOgW9QK+TOx3jM6zr4dQHnFT:OisAbgLYutwlggW9QKQso6zr4a
                                                                                                                                                                                                                                                    MD5:8958F4BF03C2CA614B034FF9EE4E5706
                                                                                                                                                                                                                                                    SHA1:EB7DDD9A1F4CCE9B3413258C7BDEDA508754857F
                                                                                                                                                                                                                                                    SHA-256:003E19953BB90703E5542F8A3817222841CC233338A7C875CDF34D864A4454E3
                                                                                                                                                                                                                                                    SHA-512:DAA8E138AA76A8BA19C8D027129EE35796500E0F5F0C04D10F36F7C5D4FD93DAB8D7C288833BA6C97C1AB7D769C02398379A37F0B6A7C103503B49DA23DD3BCB
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:...@..@...@.....C.].....@..................P...............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0......C<>.Z...................C<>.Z..................UMA.PersistentHistograms.DriveType......8...i.y.[".................................................i.y..Yd........A...........................7o.I'.Y.".4.............8o.I'.Y.................UMA.PersistentHistograms.HistogramsInStartupFile........ ...i.y.......7o.I'.Y..C<>.... ...i.y.......7o.I'.Y.7o.I........i.y..Yd........A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.........i.y.Pq.3................94.0.992.31-64".en-US*...Windows NT..10.0.1904224..x86_64..|........".To Be Filled By O.E.M....x86_64:F..variations_seed_etag.."mOB9Fluqaq+mietxhYXSL2cAH0KxdzECs1csHpZVA18="P....5...............4.>.2...:..............0..,.......TelemetryPopSampleSampling......Default..@..<...%...msAutoToggleMSAPrtSSOForNonMSAProfile.......triggere
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):152
                                                                                                                                                                                                                                                    Entropy (8bit):4.846101405296782
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:Fg/fltlK7D2yQ9Bu2jVuDgmWUJ62+I3fdlYl8:qf1KryvpMgmTb3f08
                                                                                                                                                                                                                                                    MD5:4F92EE10C14AB76DB7578B74BFD51FBD
                                                                                                                                                                                                                                                    SHA1:A7F3CD6CA3249B0127EBDD3F02894EFCDC71BD8E
                                                                                                                                                                                                                                                    SHA-256:91BAD29873C51B45151A7BDAE3B1233EA55F063C3592F966FBF5492426B6303B
                                                                                                                                                                                                                                                    SHA-512:8DB464088823EAA5A73108453ECFD61F87251EA617D0C62B664EE0AD6288AA86126FEBB50B4AD3F0E126C844EDE01177705384B4B05DE54AB030879CC9342005
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:sdPC....................+.^..h#A...0.ER."mOB9Fluqaq+mietxhYXSL2cAH0KxdzECs1csHpZVA18="..................baf89b04-ec85-4201-8b33-0b186effe467............
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:MS Windows icon resource - 8 icons, 16x16, 32 bits/pixel, 20x20, 32 bits/pixel
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):71757
                                                                                                                                                                                                                                                    Entropy (8bit):6.771708343960135
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:1536:vAlMWz7vLDtDSVlXXwpFlorgLUxF+D4n6owPFCawP/:vvuWAUxFaoGw/
                                                                                                                                                                                                                                                    MD5:E5E3377341056643B0494B6842C0B544
                                                                                                                                                                                                                                                    SHA1:D53FD8E256EC9D5CEF8EF5387872E544A2DF9108
                                                                                                                                                                                                                                                    SHA-256:E23040951E464B53B84B11C3466BBD4707A009018819F9AD2A79D1B0B309BC25
                                                                                                                                                                                                                                                    SHA-512:83F09E48D009A5CF83FA9AA8F28187F7F4202C84E2D0D6E5806C468F4A24B2478B73077381D2A21C89AA64884DF3C56E8DC94EB4AD2D6A8085AC2FEB1E26C2EF
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:very short file (no magic)
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1
                                                                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:L:L
                                                                                                                                                                                                                                                    MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                    SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                    SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                    SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:.
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):9000
                                                                                                                                                                                                                                                    Entropy (8bit):4.994257462742733
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:18XcUTNk9jPcAWMdkxoouYI3+YJuRhFeB/NhK9:2cUTNk9jPcAWMdaooVIS/me9
                                                                                                                                                                                                                                                    MD5:3CB1586353968B52F028A678ED76E36E
                                                                                                                                                                                                                                                    SHA1:CA5D7CF1919B126888AE487BEF587ABA56CFC4C9
                                                                                                                                                                                                                                                    SHA-256:14842C0CB079FF70AC52A3DDEB82275D34E792F24A8CF9E229C3755A7014B382
                                                                                                                                                                                                                                                    SHA-512:DA5462C205157B953A8A2D87430C910B2B09ED2701D2110EA6A9AA0BC8CAC303479B2E09B87B069E1B30B29FFE70565BE544944D0CBF2E3255A80EEDFA30F54A
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"account_id_migration_state":2,"account_info":[{"account_id":"000340011677ED77","accountcapabilities":{"can_offer_extended_chrome_sync_promos":-1},"edge_account_age_group":3,"edge_account_cid":"8628dc546dc99469","edge_account_first_name":"Shahak","edge_account_is_test_on_premises_profile":false,"edge_account_last_name":"Shapira","edge_account_location":"CH","edge_account_oid":"","edge_account_sovereignty":0,"edge_account_tenant_id":"","edge_account_type":1,"edge_data_protection_type":0,"edge_is_data_protection_target":false,"edge_wam_aad_for_app_account_type":0,"email":"shahak.shapira@outlook.com","full_name":"","gaia":"000340011677ED77","given_name":"","hd":"","is_supervised_child":-1,"is_under_advanced_protection":false,"last_downloaded_image_url_with_size":"","locale":"","picture_url":""}],"account_tracker_service_last_update":"13335737597040910","alternate_error_pages":{"backup":true},"anaheim_import":{"auto_imported_details":{"imported_time":"Wed Sep 22 11:33:08 2021\n","profiles
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3036000, file counter 11, database pages 7, 1st free page 5, free pages 2, cookie 0x9, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                    Size (bytes):28672
                                                                                                                                                                                                                                                    Entropy (8bit):1.104638469007111
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:TKXOpyO5JMxnvmoy4GVUufezUAD6dcCD2EakMaTpvXswCG5gYxUXDuFJUmZQR0R:sn5HGszUAmd5DfRvsfwtuDWLOR0R
                                                                                                                                                                                                                                                    MD5:01DB28F07176A99C6608FA97087B8BFE
                                                                                                                                                                                                                                                    SHA1:CEA7837755057DCD7143A23EC2487147F75D80F6
                                                                                                                                                                                                                                                    SHA-256:64EA75B514BC7D664191555AAEB4F064A4DD0635A97147026089E8A4AF0856D7
                                                                                                                                                                                                                                                    SHA-512:5FDB85B4AF2E6C76700891E1EE9C59250B916555A58286905F670538FDEED83DCA8C8C82ECCBB69CB14A8100B087856418B0F2585E48B58375CDB9F09F1FC96F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:MS Windows icon resource - 8 icons, 16x16, 32 bits/pixel, 20x20, 32 bits/pixel
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):71757
                                                                                                                                                                                                                                                    Entropy (8bit):6.771708343960135
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:1536:vAlMWz7vLDtDSVlXXwpFlorgLUxF+D4n6owPFCawP/:vvuWAUxFaoGw/
                                                                                                                                                                                                                                                    MD5:E5E3377341056643B0494B6842C0B544
                                                                                                                                                                                                                                                    SHA1:D53FD8E256EC9D5CEF8EF5387872E544A2DF9108
                                                                                                                                                                                                                                                    SHA-256:E23040951E464B53B84B11C3466BBD4707A009018819F9AD2A79D1B0B309BC25
                                                                                                                                                                                                                                                    SHA-512:83F09E48D009A5CF83FA9AA8F28187F7F4202C84E2D0D6E5806C468F4A24B2478B73077381D2A21C89AA64884DF3C56E8DC94EB4AD2D6A8085AC2FEB1E26C2EF
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):627
                                                                                                                                                                                                                                                    Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
                                                                                                                                                                                                                                                    MD5:9D7435EA49A80FDD66E4915F513017F9
                                                                                                                                                                                                                                                    SHA1:469F6C6E4B19B85CC1BE497812B2F20864F4FF2C
                                                                                                                                                                                                                                                    SHA-256:409D4C47E940688527D730B996E8991E010988C7671565467ED69D640D0947F3
                                                                                                                                                                                                                                                    SHA-512:0561CD632D4219AEF4686DE40EC092921384CA89755D354801E0EAEC8645A8630A180807AF518AC8FCF01F71EB3D10FAA9CE1E62C7A7226A274975BDCB7EEB4C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):321
                                                                                                                                                                                                                                                    Entropy (8bit):5.151521366171608
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:j/jL+q2PCN23oH+Tcwt8NIFUt8m/HF1Zmw+m/HTLVkwOCN23oH+Tcwt8+eLJ:7Ov1YebpFUt82HF1/+2H15eYebqJ
                                                                                                                                                                                                                                                    MD5:D2AE6D91ED3E4116225DC855820E5A55
                                                                                                                                                                                                                                                    SHA1:2DD9050AD782023F64ECE51A41643D8F182854E8
                                                                                                                                                                                                                                                    SHA-256:CC198D65BEC3C13BC9BA39D97272F7391F4886D1051E90689FDE6287378EA6FD
                                                                                                                                                                                                                                                    SHA-512:201163A744B799B109C8670D5A94F746F32D92EEDC32B31F443F2B2AE5A7205CCB85057FB0A87809637C9BBAB4559673BE32D7EA30FE8D137B770C5FC1BD445B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:2024/12/04-00:49:22.959 9a8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/04-00:49:22.960 9a8 Recovering log #3.2024/12/04-00:49:22.960 9a8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):365
                                                                                                                                                                                                                                                    Entropy (8bit):5.2237008772544575
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:j/Qq1CN23oH+Tcwt8age8Y55HEZzXELIx2KLlJ/Bl0jL+q2PCN23oH+Tcwt8ages:71Yeb8rcHEZrEkVLjBlFv1Yeb8rcHEZJ
                                                                                                                                                                                                                                                    MD5:292225EA10F432C496F83C5811925541
                                                                                                                                                                                                                                                    SHA1:5AE9059CF44FB9AD1B141B2026E1B91E259662B2
                                                                                                                                                                                                                                                    SHA-256:06BADD6D0195A3FB6F2D0D55E5F74B9326CC73842D936B3A24563C7A28ADCBAC
                                                                                                                                                                                                                                                    SHA-512:B97EAF2C7C6DB1E2C6D714D3B3FB820D02ECBA302A678DF02B4AF9B53FEC93AB4EAE6FC927343CD70F90056F323323E62F8DE77808460EBF0DCFF1DE3A5DFE76
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:2024/12/04-00:49:22.999 9a8 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold since it was missing..2024/12/04-00:49:23.049 9a8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):311
                                                                                                                                                                                                                                                    Entropy (8bit):5.63013335913349
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:Q1t4umOWNlWOLsf6ikYGLsR7EBHTYGLsbbXBH9VLIZlW1dKKtd7Z/:OXWHWbzdEBHT6bXBH9VLIZlW1MExZ/
                                                                                                                                                                                                                                                    MD5:7807800F1DFFF89AD48AF07EA411B169
                                                                                                                                                                                                                                                    SHA1:78B37B9DD1A04153E17566EC464F6E35D32E2D61
                                                                                                                                                                                                                                                    SHA-256:8A1DA247C9315C89FB843AF11F57BC3AA424AD2A06481129D4A480CC83B2BCCA
                                                                                                                                                                                                                                                    SHA-512:18705ED78825971B907BE0A722C41F54ED34D8842DAB42F8F838DCA30698646EFBF1C972EAB53656CBA72B297E7D956B246DEF32EE56AB7A9741D4BFFA681912
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:._N..................VERSION.1..META:https://www.bing.com.........L.-_https://www.bing.com..cib__firstTimeAccessed..1691263998736./_https://www.bing.com..cib__vsFirstTimeAccessed..1691263998740j.l9m................META:https://ntp.msn.com.........#."_https://ntp.msn.com..pageVersions..{"dhp":"20241128.50"}
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):336
                                                                                                                                                                                                                                                    Entropy (8bit):5.1496081314696855
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:j/GVq2PCN23oH+Tcwt8a2jMGIFUt8m/9uMgZmw+m/9uMIkwOCN23oH+Tcwt8a2jz:7GVv1Yeb8EFUt829uMg/+29uMI5eYebw
                                                                                                                                                                                                                                                    MD5:655B7874F5A79D3AB2249AB77C3AA35B
                                                                                                                                                                                                                                                    SHA1:D76FEAC6D3B90EEF921298E611052A6F0924084B
                                                                                                                                                                                                                                                    SHA-256:5E93C4394596CB70DC3D930DC89A95B2E4067C861F415BFDA9C7A071E16C3829
                                                                                                                                                                                                                                                    SHA-512:ACA93F4D6E26281E7A2C03F115A2E72F34CBB2E0EE7ECD758B623BF8D49B8CB83D5CEDAA8E3324CF70BC905C1F4123505EE8A543485E626CB9A6DDD6DA23341E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:2024/12/04-00:49:22.468 1664 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/04-00:49:22.469 1664 Recovering log #3.2024/12/04-00:49:22.469 1664 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):9000
                                                                                                                                                                                                                                                    Entropy (8bit):4.994257462742733
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:18XcUTNk9jPcAWMdkxoouYI3+YJuRhFeB/NhK9:2cUTNk9jPcAWMdaooVIS/me9
                                                                                                                                                                                                                                                    MD5:3CB1586353968B52F028A678ED76E36E
                                                                                                                                                                                                                                                    SHA1:CA5D7CF1919B126888AE487BEF587ABA56CFC4C9
                                                                                                                                                                                                                                                    SHA-256:14842C0CB079FF70AC52A3DDEB82275D34E792F24A8CF9E229C3755A7014B382
                                                                                                                                                                                                                                                    SHA-512:DA5462C205157B953A8A2D87430C910B2B09ED2701D2110EA6A9AA0BC8CAC303479B2E09B87B069E1B30B29FFE70565BE544944D0CBF2E3255A80EEDFA30F54A
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"account_id_migration_state":2,"account_info":[{"account_id":"000340011677ED77","accountcapabilities":{"can_offer_extended_chrome_sync_promos":-1},"edge_account_age_group":3,"edge_account_cid":"8628dc546dc99469","edge_account_first_name":"Shahak","edge_account_is_test_on_premises_profile":false,"edge_account_last_name":"Shapira","edge_account_location":"CH","edge_account_oid":"","edge_account_sovereignty":0,"edge_account_tenant_id":"","edge_account_type":1,"edge_data_protection_type":0,"edge_is_data_protection_target":false,"edge_wam_aad_for_app_account_type":0,"email":"shahak.shapira@outlook.com","full_name":"","gaia":"000340011677ED77","given_name":"","hd":"","is_supervised_child":-1,"is_under_advanced_protection":false,"last_downloaded_image_url_with_size":"","locale":"","picture_url":""}],"account_tracker_service_last_update":"13335737597040910","alternate_error_pages":{"backup":true},"anaheim_import":{"auto_imported_details":{"imported_time":"Wed Sep 22 11:33:08 2021\n","profiles
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2491
                                                                                                                                                                                                                                                    Entropy (8bit):5.024849480263048
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:YPj1Zo4Vr8KVNkGkXX6VVks0LtpsA1ZiUoFag99crbJ/anUJaYPI7xaMGH1oB+C5:KvooGX6VVOZpsA40uOrMn3YPo0MG6+Zm
                                                                                                                                                                                                                                                    MD5:E5BE5130D11FAF7A71E7534C070753E2
                                                                                                                                                                                                                                                    SHA1:A46B648C0048FC9C05360C45A963DE72F9D6643F
                                                                                                                                                                                                                                                    SHA-256:9DBDF3BEC2C4DCAF612956AA9DEA046ED282DF95C94A43F8BEF454411AFC87BF
                                                                                                                                                                                                                                                    SHA-512:1EC765F901DD958986374C589B6371CE8B41998910F7AAE189D0BAA5B64FB141ABECAAB382E9438BF2A8409CBD57B0F5C19C837674B0B162A5B9D9EB120DC89D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"edge":{"services":{"last_account_id":"","last_username":""}},"extensions":{"settings":{}},"prefs":{"preference_reset_time":"13377764962392166"},"protection":{"macs":{"browser":{"show_home_button":"904452986128BBEE5A7B1FFB8F342100C3150E3D9FD76C4105DF33EB021E22FD"},"default_search_provider_data":{"template_url_data":"575D258E47F940C6887685ABA99A5839CBFE4BA30863349DFE0D0C375AAB8816"},"edge":{"services":{"account_id":"D456A886A0DBE318CF511789EB70CFBEB8B3E35DA05B44245AFA153CF2527082","identity":{"schema":"50E673A6E3700B5431DD5887049F3271B5C2BEA02D53D968CBD61D36F54D9292"},"last_account_id":"6A5B5A031791B5A5FA7238C8E3FDD8A324CC8F19F63EAD5B2E896B84A5786B51","last_username":"AEEC085E5852B256515B8A4CA04B9576AB6B11591758E5AF201224060FD694E8"}},"homepage":"B1E9FE8108A84F532486D13AAC43C0AFDA16D3DFC9EB2F743AEE11F89F2F163E","homepage_is_newtabpage":"3680F776D17E3C099431BAF5381FAB9BCC0C2C70FEA4C74D12324BC94A207119","media":{"cdm":{"origin_data":"CE16C9485175ED827C5B13C2EE9BFCEDDD3444AF290CF59B851C1B
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7062
                                                                                                                                                                                                                                                    Entropy (8bit):3.335409159307871
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:B4YEm2yI1leT0K9Xp+0L1+U95SLl9iSrYSj:BL2d1sTb9Xp+o+u5SLl9iSrZj
                                                                                                                                                                                                                                                    MD5:7034B274FFBEE3232E2E2DA02B58BE9D
                                                                                                                                                                                                                                                    SHA1:B1F043BDDD91B6C3C1EE88547B148DA7F1CB4D30
                                                                                                                                                                                                                                                    SHA-256:12C6DD082643B0A0C0B463D434DD977B8C790E9809B7D2A9812773F42AD707BD
                                                                                                                                                                                                                                                    SHA-512:C471E05A3C0673C4CBC5994638910126997ADFC5947A419531760F51D43DA70A49F1BF9ADB933876A82E0A8F71235F4AE5601DD1BA61EB24FBE6024027AF6823
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:*...#................version.1..namespace-..&f.................&f.................&f...............M...b................next-map-id.1.Cnamespace-94519ba6_ad0c_49c7_a444_2614e3961cc5-https://ntp.msn.com/.0.z...................map-0-shd_sweeper.5{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.b.i.n.g._.v.2._.s.c.o.p.e.,.p.r.g.-.1.s.-.d.w.v.i.d.-.t.1.,.1.s.-.p.1.-.d.w.l.s.,.1.s.-.p.2.-.d.w.l.s.,.p.r.g.-.1.s.w.-.n.o.c.o.o.l.d.o.w.n.,.p.r.g.-.p.r.1.-.v.i.d.e.o.s.,.p.r.g.-.p.r.2.-.v.i.d.e.o.s.,.p.r.g.-.v.i.d.-.d.w.l.s.c.a.c.h.e.,.p.r.g.-.1.s.w.-.s.a.-.m.a.i.p.r.o.f.i.l.e._.c.,.p.r.g.-.1.s.w.-.s.a.q.v.f.t.2.,.p.r.g.-.1.s.w.-.n.o.a.b.r.t.-.r.,.p.r.g.-.1.s.w.-.t.m.u.i.d.s.y.n.c.r.f.w.o.e.r.r.,.p.r.g.-.1.s.w.-.r.e.f.r.e.s.h.p.,.p.r.g.-.1.s.w.-.t.m.u.i.d.1.s.s.y.n.c.,.1.s.-.n.t.f.1.-.f.g.d.i.,.1.s.-.w.p.o.-.p.r.1.-.s.d.s.h.p.1.5.,.p.r.g.-.p.r.1.-.s.v.g.a.n.i.m.a.t.c.,.p.r.g.-.p.r.1.-.s.v.g.a.n.i.m.a.t.1.,.2.4.0.9.-.n.e.w.-.b.i.n.g.-.d.e.s.i.g.n.-.t.
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):324
                                                                                                                                                                                                                                                    Entropy (8bit):5.158324482884649
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:j/BV1Vq2PCN23oH+TcwtrQMxIFUt8m/BegZmw+m/BeIkwOCN23oH+TcwtrQMFLJ:7RVv1YebCFUt82og/+2oI5eYebtJ
                                                                                                                                                                                                                                                    MD5:5C6D6910075B26A022A366071A707A79
                                                                                                                                                                                                                                                    SHA1:0B56C7774F0F177A078FA5BBF1932B9029194CB1
                                                                                                                                                                                                                                                    SHA-256:63D969E03F31613F9334875D1DDDA1059FD5F52EA1DD7E7DD9651D6CB898CB4D
                                                                                                                                                                                                                                                    SHA-512:DE16A2B057AF8FFA4A82231635B969CE7FB9CED79E6FF72BC8475C2D745F65254E248D8BBC42CA28AAC18394B6EDFC717040B16CF44A3C783BD371221BA63D4C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:2024/12/04-00:49:22.870 1664 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/04-00:49:22.871 1664 Recovering log #3.2024/12/04-00:49:22.871 1664 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1311
                                                                                                                                                                                                                                                    Entropy (8bit):3.4919334399387276
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:3i6AXPgg+psAFPrCLp3k2amEtLqlGr0GRQUSkOAO:3i6LBzFPWLpVFERuGNSqO3
                                                                                                                                                                                                                                                    MD5:D4BB87AC96C7DB302FF0E1E8CE11B7EE
                                                                                                                                                                                                                                                    SHA1:D00C369EAEDC00C470FA3B1C93E56AE20167608B
                                                                                                                                                                                                                                                    SHA-256:AED88CD0DDBA0E51066BCAF21F0EDE1ABE38B9EB9D71FA1132ACB35C451EB9F4
                                                                                                                                                                                                                                                    SHA-512:39E36A92A436C426F93163F711F1BE24B8E4A6BC44F9FBB6ECD1A114EE4989308A621193AA5303455C9FED14B6A47177E140BB1B9CCFF87AA6DD54394E768198
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:SNSS................................"........9.#4.......$...528aa2a4-5ef1-464e-916a-5906d320ff4d........................................................!.............................................1..,.......$...94519ba6_ad0c_49c7_a444_2614e3961cc5......................]D%8.........................................edge://newtab/......N.e.w. .t.a.b...........................................................x...............X...............`...............X..........Xk(.....Xk(......................................................................j...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.U.S.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.&.O.C.I.D.=.M.N.H.P._.U.5.3.1.....................................8.......0.......8....................................................................... .......................................................P...$...3.8.5.5.c.2.d.f.-.4.b.f.2.-.4.f.1.d.-.9.2.d.1.-.
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3985
                                                                                                                                                                                                                                                    Entropy (8bit):3.93703447255499
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:3c+hF0wD8WQpV8UIoQUbXf6sKy7s+WBs4aVj:31gwDI8xoBbXfUlaVj
                                                                                                                                                                                                                                                    MD5:3CB8715E8505E106C013453869873468
                                                                                                                                                                                                                                                    SHA1:8CD44DB21343EA7E10D0AB7B62CEC4F57F12163A
                                                                                                                                                                                                                                                    SHA-256:A1E302732C1A9591B12A2C7C233179F1404D0A51B2D0CC4375D3D414E1712F20
                                                                                                                                                                                                                                                    SHA-512:7FC6A51272911C05BE22BF277E274BE91E666B09A6537E2B918E5409E894592001110BFF4404B387DCAB0C8B27F431321F02DECFE3156A807FD28EEEC56C80B0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:SNSS.................d^.`/.q..l...............https://www.bing.com/search?q=regedikt&form=WNSGPH&qs=SW&cvid=1c4c2e2811e44c03a63aad6fcf391716&pq=regedikt&cc=GB&setlang=en-US&wsso=Moderate....r.e.g.e.d.i.k.t. .-. .S.e.a.r.c.h...........................................................x...............................................h........*..2....*..2...........................x....................................... .......h.t.t.p.s.:././.w.w.w...b.i.n.g...c.o.m./.s.e.a.r.c.h.?.q.=.r.e.g.e.d.i.k.t.&.f.o.r.m.=.W.N.S.G.P.H.&.q.s.=.S.W.&.c.v.i.d.=.1.c.4.c.2.e.2.8.1.1.e.4.4.c.0.3.a.6.3.a.a.d.6.f.c.f.3.9.1.7.1.6.&.p.q.=.r.e.g.e.d.i.k.t.&.c.c.=.G.B.&.s.e.t.l.a.n.g.=.e.n.-.U.S.&.w.s.s.o.=.M.o.d.e.r.a.t.e.................................................0.......H.......X.......x...............................................................8.......P.......h.......................................................h...0.......?.%. .B.l.i.n.k. .s.e.r.i.a.l.i.z.e.d. .f.o.r.m. .s.t.a.t.e. .v.e.r.s.i.o.
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):349
                                                                                                                                                                                                                                                    Entropy (8bit):5.135947281553018
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:j/Lq2PCN23oH+Tcwt7Uh2ghZIFUt8m/x1Zmw+m/xnkwOCN23oH+Tcwt7Uh2gnLJ:7Lv1YebIhHh2FUt82x1/+2xn5eYebIh9
                                                                                                                                                                                                                                                    MD5:50A649CDE26C9ADC4E74B40B61635548
                                                                                                                                                                                                                                                    SHA1:FCABC629BA52BD7866159572ACFB8AA5FAB65442
                                                                                                                                                                                                                                                    SHA-256:D50C73E445E6ED9098FCEF668C706EAF9671C428F8DFA45059C8E770471387DD
                                                                                                                                                                                                                                                    SHA-512:28CCACCCEEC7CC38AC05149B4FF187717CA6EC882E0B007CF2AE43A09C030E99429D8C7AEDE4189C9C1DE8F316F5CF9606DAD90AA851374D4951BF890EB5D4F9
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:2024/12/04-00:49:22.464 b84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/04-00:49:22.465 b84 Recovering log #3.2024/12/04-00:49:22.465 b84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):59
                                                                                                                                                                                                                                                    Entropy (8bit):4.619434150836742
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:YLbkVKJq0nMb1KKtiVY:YHkVKJTnMRK3VY
                                                                                                                                                                                                                                                    MD5:2800881C775077E1C4B6E06BF4676DE4
                                                                                                                                                                                                                                                    SHA1:2873631068C8B3B9495638C865915BE822442C8B
                                                                                                                                                                                                                                                    SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
                                                                                                                                                                                                                                                    SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                    Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                    MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                    SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                    SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                    SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                                                                    Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                    MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                    SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                    SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                    SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                    Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                    MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                    SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                    SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                    SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                    Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                    MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                    SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                    SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                    SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):524656
                                                                                                                                                                                                                                                    Entropy (8bit):5.027445846313988E-4
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:LsFlPlXe5l:LsF/e5l
                                                                                                                                                                                                                                                    MD5:F32A987078A7A91B0921A8A60A59D4B2
                                                                                                                                                                                                                                                    SHA1:736902023B2CA2E100AE137DC5E679A9B71FF58E
                                                                                                                                                                                                                                                    SHA-256:1A3FA6073ACA8F5A5CF65387F5F5A4186C92B0E731B9AE6F3EF80D0ECE65A982
                                                                                                                                                                                                                                                    SHA-512:11400FCA454854B454DE1BCA9776885A05F07B8C766D4E8BDB2ECB2620EFAB802A084416DA70D00B67532D8B0378B8B0881086846C0529DBE12A22C3D65F36C4
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                                                                    Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:m+l:m
                                                                                                                                                                                                                                                    MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                                    SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                                    SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                                    SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:0\r..m..................
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):48
                                                                                                                                                                                                                                                    Entropy (8bit):2.913890986728064
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:dAIHyyEOlkL:CIHqi6
                                                                                                                                                                                                                                                    MD5:6E2276C8728F0D5DE9D77A9FE150FED1
                                                                                                                                                                                                                                                    SHA1:A4595EA4E3B94D9F3C4C9AF9FC01EB6B3AD4DD4C
                                                                                                                                                                                                                                                    SHA-256:170F1A28B84A4023E310E401F7B5EFA087E3E2F72E5006CDE44EFD140B387B9D
                                                                                                                                                                                                                                                    SHA-512:FE8A5B6CF82E90596FBAD1D46A08369EC419A763FBC0B064F1809A59FAEFD3445CC76026D4CDC7AA569F368938C29F8857ECD9B8F240F27822FAD23296158FB6
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:(....%.toy retne.........................G..../.
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):48
                                                                                                                                                                                                                                                    Entropy (8bit):2.913890986728064
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:dAIHyyEOlkL:CIHqi6
                                                                                                                                                                                                                                                    MD5:6E2276C8728F0D5DE9D77A9FE150FED1
                                                                                                                                                                                                                                                    SHA1:A4595EA4E3B94D9F3C4C9AF9FC01EB6B3AD4DD4C
                                                                                                                                                                                                                                                    SHA-256:170F1A28B84A4023E310E401F7B5EFA087E3E2F72E5006CDE44EFD140B387B9D
                                                                                                                                                                                                                                                    SHA-512:FE8A5B6CF82E90596FBAD1D46A08369EC419A763FBC0B064F1809A59FAEFD3445CC76026D4CDC7AA569F368938C29F8857ECD9B8F240F27822FAD23296158FB6
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:(....%.toy retne.........................G..../.
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                                                                    Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:m+l:m
                                                                                                                                                                                                                                                    MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                                    SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                                    SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                                    SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:0\r..m..................
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):48
                                                                                                                                                                                                                                                    Entropy (8bit):2.913890986728064
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:dAIHyyEOlkL:CIHqi6
                                                                                                                                                                                                                                                    MD5:6E2276C8728F0D5DE9D77A9FE150FED1
                                                                                                                                                                                                                                                    SHA1:A4595EA4E3B94D9F3C4C9AF9FC01EB6B3AD4DD4C
                                                                                                                                                                                                                                                    SHA-256:170F1A28B84A4023E310E401F7B5EFA087E3E2F72E5006CDE44EFD140B387B9D
                                                                                                                                                                                                                                                    SHA-512:FE8A5B6CF82E90596FBAD1D46A08369EC419A763FBC0B064F1809A59FAEFD3445CC76026D4CDC7AA569F368938C29F8857ECD9B8F240F27822FAD23296158FB6
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:(....%.toy retne.........................G..../.
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):48
                                                                                                                                                                                                                                                    Entropy (8bit):2.913890986728064
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:dAIHyyEOlkL:CIHqi6
                                                                                                                                                                                                                                                    MD5:6E2276C8728F0D5DE9D77A9FE150FED1
                                                                                                                                                                                                                                                    SHA1:A4595EA4E3B94D9F3C4C9AF9FC01EB6B3AD4DD4C
                                                                                                                                                                                                                                                    SHA-256:170F1A28B84A4023E310E401F7B5EFA087E3E2F72E5006CDE44EFD140B387B9D
                                                                                                                                                                                                                                                    SHA-512:FE8A5B6CF82E90596FBAD1D46A08369EC419A763FBC0B064F1809A59FAEFD3445CC76026D4CDC7AA569F368938C29F8857ECD9B8F240F27822FAD23296158FB6
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:(....%.toy retne.........................G..../.
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                    Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                    MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                    SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                    SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                    SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                                                                    Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                    MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                    SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                    SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                    SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                    Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                    MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                    SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                    SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                    SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                    Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                    MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                    SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                    SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                    SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):262512
                                                                                                                                                                                                                                                    Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:LsFl0lMjK//l:LsFKM2//l
                                                                                                                                                                                                                                                    MD5:45794F315982D0EAD4C8C47E7C05686E
                                                                                                                                                                                                                                                    SHA1:A787E7E3A4E0D481BF01757D6C261B9330342116
                                                                                                                                                                                                                                                    SHA-256:F953BFB54F7A385DC98698454ABCF7738007715C97484605BD30AE7A9DEF35E8
                                                                                                                                                                                                                                                    SHA-512:396CDEF7326BD9797B05259E09803421B536BE0FA0F6D783A59C5975DC36EADF250153725688E697F1092086FC4FE6DFB7C15EABE25796C0542F45388D1330E0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):393
                                                                                                                                                                                                                                                    Entropy (8bit):5.200242442231803
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:j/334M1CN23oH+TcwtzjqEKj3K/2jM8B2KLlJ/G/Vq2PCN23oH+TcwtzjqEKj3Kk:7n4MYebvqBvFLjG/Vv1YebvqBQFUv
                                                                                                                                                                                                                                                    MD5:5B27364B90713CA0C92411D546120321
                                                                                                                                                                                                                                                    SHA1:09A8FCA72881CF595336C7F81469AB9541F67BD6
                                                                                                                                                                                                                                                    SHA-256:F7830D6963A962307F9CB92AFCB76CE9AB7C7CF604A325B277AA6CE384EA72E0
                                                                                                                                                                                                                                                    SHA-512:6354829B289CF869E1B51F72B96F3C05F1A34CA259AC3A71EE56519B433BCFD1A3D347BC4E06D68E2DDA03CF37EE3AB289A75A30D634E6731F3A8C22DCE9B5CC
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:2024/12/04-00:49:22.910 1664 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb since it was missing..2024/12/04-00:49:22.956 1664 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):59
                                                                                                                                                                                                                                                    Entropy (8bit):4.619434150836742
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:YLbkVKJq0nMb1KKtiVY:YHkVKJTnMRK3VY
                                                                                                                                                                                                                                                    MD5:2800881C775077E1C4B6E06BF4676DE4
                                                                                                                                                                                                                                                    SHA1:2873631068C8B3B9495638C865915BE822442C8B
                                                                                                                                                                                                                                                    SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
                                                                                                                                                                                                                                                    SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2095
                                                                                                                                                                                                                                                    Entropy (8bit):6.25878194919498
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:ika17NpmKOTWzdTYRV+ETlht4l9EpmPL1lyTJYlixpmPL1lbTJ3:ika15pROTWzqRAqlP4lepwxlIYlKpwxP
                                                                                                                                                                                                                                                    MD5:4F5ACCCC5E954DB1E18D9A3CC788A4F4
                                                                                                                                                                                                                                                    SHA1:069A8793DEDA10501D4056CB0A5F61F3EC37D896
                                                                                                                                                                                                                                                    SHA-256:9789A5A70A9E1A579CB00E6810BD3A986C92A518511DF3FBF9CF5F9FFC618388
                                                                                                                                                                                                                                                    SHA-512:76C24D1BB1537048ED818B9F351AC22024A224B51AF2544F9EBF200FF304E33EAAF4995E3D2C8C2A5931B184506AA630E351C24378982F9BB2E9820C56D0B515
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:...n'................_mts_schema_descriptor.....F..................F.................3k.)................device_info-GlobalMetadata@.........J..|..... .*.oQxBx3XB+LeESt8u9/Z/2A==2.000340011677ED77.'device_info-md-oQxBx3XB+LeESt8u9/Z/2A==]..O9Y4QRTO52yAtnmJvgDmbxgG0y4=.. .(.0..........8...../@...../J.Fo0ZVE38AhfYdxChT37PSoU+O9U=R..'device_info-dt-oQxBx3XB+LeESt8u9/Z/2A==....oQxBx3XB+LeESt8u9/Z/2A==..To Be Filled By O.E.M..."QChrome WIN 93.0.961.52 (55ddfa3ef850523eea11b31f81b5facebd8934c3) channel(stable)*.93.0.961.52:$d14a0d0c-703a-47a1-a1a4-158e21707eb4@...../J...Z.To Be Filled By O.E.M.b.To Be Filled By O.E.M.h..r..........93.0.961.52$nd i................device_info-GlobalMetadata@.........J..|..... .*.oQxBx3XB+LeESt8u9/Z/2A==2.000340011677ED77.b.Z................'device_info-md-oQxBx3XB+LeESt8u9/Z/2A==}..O9Y4QRTO52yAtnmJvgDmbxgG0y4=.$4825df59-2fc2-4a0b-a2d5-569bbcb87906.. .(.0...../8...../@...../J.Fo0ZVE38AhfYdxChT37PSoU+O9U=..device_info-GlobalMetadata@.........J..|..... .*.oQxBx3X
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):328
                                                                                                                                                                                                                                                    Entropy (8bit):5.21509656746921
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:j/FYq2PCN23oH+TcwtpIFUt8m/1FYFZZmw+m/3kwOCN23oH+Tcwta/WLJ:7FYv1YebmFUt821FYFZ/+235eYebaUJ
                                                                                                                                                                                                                                                    MD5:4FF0C8BBCD1CD1899AA0F63B46FA5504
                                                                                                                                                                                                                                                    SHA1:A300316A685BC1ADC9F435542580EBFEF81ED151
                                                                                                                                                                                                                                                    SHA-256:12EF55869ABCFC42A9282225E42444329A86EAD6A3BD75B022CF5660B3DA1E23
                                                                                                                                                                                                                                                    SHA-512:6F8C723134DEEA874B427A23E47CABC5981F7BB404793F988C5D9E26F2017C2E603A49B034894EB1E218194A73C774E9D3CD8115FE36E08E5F5C88077467F7B7
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:2024/12/04-00:49:22.482 1754 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/04-00:49:22.483 1754 Recovering log #3.2024/12/04-00:49:22.484 1754 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):328
                                                                                                                                                                                                                                                    Entropy (8bit):5.21509656746921
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:j/FYq2PCN23oH+TcwtpIFUt8m/1FYFZZmw+m/3kwOCN23oH+Tcwta/WLJ:7FYv1YebmFUt821FYFZ/+235eYebaUJ
                                                                                                                                                                                                                                                    MD5:4FF0C8BBCD1CD1899AA0F63B46FA5504
                                                                                                                                                                                                                                                    SHA1:A300316A685BC1ADC9F435542580EBFEF81ED151
                                                                                                                                                                                                                                                    SHA-256:12EF55869ABCFC42A9282225E42444329A86EAD6A3BD75B022CF5660B3DA1E23
                                                                                                                                                                                                                                                    SHA-512:6F8C723134DEEA874B427A23E47CABC5981F7BB404793F988C5D9E26F2017C2E603A49B034894EB1E218194A73C774E9D3CD8115FE36E08E5F5C88077467F7B7
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:2024/12/04-00:49:22.482 1754 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/04-00:49:22.483 1754 Recovering log #3.2024/12/04-00:49:22.484 1754 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 8, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):122880
                                                                                                                                                                                                                                                    Entropy (8bit):1.127558825945373
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:sV+4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6:sV+4n/9p/39J6hwNKRmqu+7VusE
                                                                                                                                                                                                                                                    MD5:5397F1C0BC53C6833D69F56B5B002013
                                                                                                                                                                                                                                                    SHA1:57523CB0AB939296AA859BD125253E80D5FE822B
                                                                                                                                                                                                                                                    SHA-256:E2E2B200BCB54D55D8798BF335D33AEF327A5229835FE3ED70A8245F88F339DC
                                                                                                                                                                                                                                                    SHA-512:A9E7687DD7160D0F2FE38784AF8BAB90D270F532230DA6CB9E32F785ED8F08D6D823624A604867EDBE1CFFC8DB26C29751A9B80FC0E1D6680E5612E256FCC791
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ .......;...........R......................................................S`...........5........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2491
                                                                                                                                                                                                                                                    Entropy (8bit):5.024849480263048
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:YPj1Zo4Vr8KVNkGkXX6VVks0LtpsA1ZiUoFag99crbJ/anUJaYPI7xaMGH1oB+C5:KvooGX6VVOZpsA40uOrMn3YPo0MG6+Zm
                                                                                                                                                                                                                                                    MD5:E5BE5130D11FAF7A71E7534C070753E2
                                                                                                                                                                                                                                                    SHA1:A46B648C0048FC9C05360C45A963DE72F9D6643F
                                                                                                                                                                                                                                                    SHA-256:9DBDF3BEC2C4DCAF612956AA9DEA046ED282DF95C94A43F8BEF454411AFC87BF
                                                                                                                                                                                                                                                    SHA-512:1EC765F901DD958986374C589B6371CE8B41998910F7AAE189D0BAA5B64FB141ABECAAB382E9438BF2A8409CBD57B0F5C19C837674B0B162A5B9D9EB120DC89D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"edge":{"services":{"last_account_id":"","last_username":""}},"extensions":{"settings":{}},"prefs":{"preference_reset_time":"13377764962392166"},"protection":{"macs":{"browser":{"show_home_button":"904452986128BBEE5A7B1FFB8F342100C3150E3D9FD76C4105DF33EB021E22FD"},"default_search_provider_data":{"template_url_data":"575D258E47F940C6887685ABA99A5839CBFE4BA30863349DFE0D0C375AAB8816"},"edge":{"services":{"account_id":"D456A886A0DBE318CF511789EB70CFBEB8B3E35DA05B44245AFA153CF2527082","identity":{"schema":"50E673A6E3700B5431DD5887049F3271B5C2BEA02D53D968CBD61D36F54D9292"},"last_account_id":"6A5B5A031791B5A5FA7238C8E3FDD8A324CC8F19F63EAD5B2E896B84A5786B51","last_username":"AEEC085E5852B256515B8A4CA04B9576AB6B11591758E5AF201224060FD694E8"}},"homepage":"B1E9FE8108A84F532486D13AAC43C0AFDA16D3DFC9EB2F743AEE11F89F2F163E","homepage_is_newtabpage":"3680F776D17E3C099431BAF5381FAB9BCC0C2C70FEA4C74D12324BC94A207119","media":{"cdm":{"origin_data":"CE16C9485175ED827C5B13C2EE9BFCEDDD3444AF290CF59B851C1B
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):23881
                                                                                                                                                                                                                                                    Entropy (8bit):5.594815676614097
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:7PfCtxFtKhOObJ+UoAYDCx9TuqZz0VfUCh7xbog/OVFLl090CDrUKVVXmYpEOIjs:7nWDt8F1+UoAYDCx9Tuqh0VfUC9xbogJ
                                                                                                                                                                                                                                                    MD5:D8AF7F6C47609E05393972AF7E611FA9
                                                                                                                                                                                                                                                    SHA1:72A6DA68D7E578D49958FCBD10DFAB789CF2F0B5
                                                                                                                                                                                                                                                    SHA-256:146F690023C215A9CC9E2FCDD1509E8CD78A3875C186574B4F89215EA19C5089
                                                                                                                                                                                                                                                    SHA-512:6D5246CCF4C09E5C3E5995FF55071A5D74BB04D91173BD95D72C3512FAD3A0E905DF641291EDFCC081A3676240F6D2E3C75732D8EB465C023192C34164889989
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"edge":{"services":{"last_account_id":"","last_username":""}},"extensions":{"settings":{"dgiklkfkllikcanfonkcabmbdfmgleag":{"active_permissions":{"api":[],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13377764962522187","location":5,"manifest":{"content_capabilities":{"include_globs":["https://*excel.officeapps.live.com/*","https://*onenote.officeapps.live.com/*","https://*powerpoint.officeapps.live.com/*","https://*word-edit.officeapps.live.com/*","https://*excel.partner.officewebapps.cn/*","https://*onenote.partner.officewebapps.cn/*","https://*powerpoint.partner.officewebapps.cn/*","https://*word-edit.partner.officewebapps.cn/*","https://*excel.gov.online.office365.us/*","https://*onenote.gov.online.office365.us/*","https://*powerpoint.gov.online.office365.us/*","https://*word-edit.gov.online.office365.us/*","https://
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7894
                                                                                                                                                                                                                                                    Entropy (8bit):4.96053536467995
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:s7vTNk9jPcAWMdkjUouYI3+YJuRhkWrnh5I:s7vTNk9jPcAWMdaUoVISWQI
                                                                                                                                                                                                                                                    MD5:161A0F57C53B4BED87AE4B1C43F3CD4E
                                                                                                                                                                                                                                                    SHA1:379DC80DBC3DB29377685BDDECE752272D4368C0
                                                                                                                                                                                                                                                    SHA-256:68774CCB9AED5C6E30218DD71458BC8FB9D93C4405692B8A7688434244067984
                                                                                                                                                                                                                                                    SHA-512:03DE8545175D31AC534194087102264473260A30AA87E92C1D8CBFB7A402012AC4D024A056F14980F483700CD9B3C3F3272AFFB42D7255D02B06D9D04123F136
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_info":[],"account_tracker_service_last_update":"13377764962875054","alternate_error_pages":{"backup":true},"anaheim_import":{"auto_imported_details":{"imported_time":"Wed Sep 22 11:33:08 2021\n","profiles":{"browser_name":6,"is_AutoFillFormData_imported":true,"is_Cookies_imported":true,"is_Extensions_imported":true,"is_Favorite_imported":true,"is_History_imported":true,"is_Payments_imported":true,"is_SavedPasswords_imported":true,"is_Settings_imported":true,"source_path":"C:\\Users\\user\\AppData\\Local\\Packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\User\\Default"}},"imported_default_search_engine":"https://www.bing.com/search?q={searchTerms}&FORM={referrer:source}"},"autocomplete":{"retention_policy_last_version":94},"autofill":{"orphan_rows_removed":true},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"time_of_last_norm
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                                                                    Entropy (8bit):0.03836764710264072
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:Gtl5/8h8Gg4l5/8h8G4MRa9//9lnl/telfl6ll:GtohFohV89XHl/c
                                                                                                                                                                                                                                                    MD5:6F5771C974D00437A9C94023B158C42D
                                                                                                                                                                                                                                                    SHA1:40B6E17CBAF5C4F785E73EDD50739C723E5A14AD
                                                                                                                                                                                                                                                    SHA-256:EC63512D3573463924F58A82FCBAAA6FC1131A677986E1E6ACACB5D1AB8719B5
                                                                                                                                                                                                                                                    SHA-512:C56F48EEF0DEDB54D10D3F407BF047FFECDFF55DB76B59266B69A95B3435649436B473FDBBFDCE2063E6F347CB3AA105AE23375B1D37823DE727872E614DDF66
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):16512
                                                                                                                                                                                                                                                    Entropy (8bit):0.6263223307430695
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:KYC66+WUsUgiT/e+s6kxt6WUChbVa7Pqd1+sLtbIA:dC66HUPTG+s6k/UCODqP+sLKA
                                                                                                                                                                                                                                                    MD5:77FB6CD0F8277D70748F27223C25520C
                                                                                                                                                                                                                                                    SHA1:909BF222FF8A598204C18A8AB9711C0FA78BC1F9
                                                                                                                                                                                                                                                    SHA-256:0D4C2F251260A52B18F5822EB9A83AE6C25554DB6A3D127F5DC64BFF4D9EAF64
                                                                                                                                                                                                                                                    SHA-512:F1C5079B45AAB1AFD0FA58E3A1EDEBB508A3D3E570B235DB1242C1A115AA8F432896332327B2DEBC9C20FB94DE87F7E2C1DB0F4E4629EFE4F1B98A576FB18ABA
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):321
                                                                                                                                                                                                                                                    Entropy (8bit):5.215185900833839
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:j/fq2PCN23oH+TcwtfrK+IFUt8m/99Zmw+m/9PkwOCN23oH+TcwtfrUeLJ:7fv1Yeb23FUt82z/+2p5eYeb3J
                                                                                                                                                                                                                                                    MD5:03B09B2971499F92EC439DF61535F095
                                                                                                                                                                                                                                                    SHA1:DA830BF9DB71D59DFF1795B51B9197C05499B65D
                                                                                                                                                                                                                                                    SHA-256:236D537061FB63100EA0A19A9A632D71C941AC7FF4E8CEB247FB6560C55E94AA
                                                                                                                                                                                                                                                    SHA-512:22D93FF95B5951076DD79ED9C9FEB8C1793AA0FA6CB41C7004337465EDD70EDD049645714993A1F451AC46F5E7D385E591BBF3474CCB4F5F9F53519CE5ED1394
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:2024/12/04-00:49:22.886 b84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/04-00:49:22.887 b84 Recovering log #3.2024/12/04-00:49:22.887 b84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):482
                                                                                                                                                                                                                                                    Entropy (8bit):3.9553035680156614
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:G0Xtqcsqcva3mF2lHSenmF2lH+l1m8Bc3mtD4tmF2llemF2lq3m8qPmt761m9yKJ:G0nYvaZyGVC43oqn624Mtxjx4s
                                                                                                                                                                                                                                                    MD5:1D57238A387C249ABAB62C1D7D17C8C0
                                                                                                                                                                                                                                                    SHA1:C0B2F6FD2B7584B216018F8D90D88C8F4D4AC3BB
                                                                                                                                                                                                                                                    SHA-256:AF7A0E2C082701BA6DEE265F40590BE9531914787C34F8A8767B7D70DCFE56B1
                                                                                                                                                                                                                                                    SHA-512:053B5690186BB190211DA9D38F6BF758AEB345AD3DD9381AB29A426989E9832EC99A23D8E3E10BCA6AB2DB3D79450AE9AB7E197638895D390D44106CD068DA3D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):339
                                                                                                                                                                                                                                                    Entropy (8bit):5.162180322646925
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:j/Rq2PCN23oH+TcwtfrzAdIFUt8m/MZmw+m/skwOCN23oH+TcwtfrzILJ:7Rv1Yeb9FUt82M/+2s5eYeb2J
                                                                                                                                                                                                                                                    MD5:49F9FFD0E6085160DA3FC0FC69DF06BA
                                                                                                                                                                                                                                                    SHA1:676B2C10113D6198827BB8401072179BBD5FF645
                                                                                                                                                                                                                                                    SHA-256:633BB01A9A0353EF6C7E2F300102BEF14441BF7CE57AEB09CFD2DA52B871D440
                                                                                                                                                                                                                                                    SHA-512:6E69E1BEF2042517A2E08BD589D5596FD969166251138DFE8E050F3455C5F05B58B36C917BD05203C522ACD4F1BE534A4548768AC789E5258C3CF0BA02A36759
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:2024/12/04-00:49:22.884 b84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/04-00:49:22.884 b84 Recovering log #3.2024/12/04-00:49:22.884 b84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):339
                                                                                                                                                                                                                                                    Entropy (8bit):5.162180322646925
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:j/Rq2PCN23oH+TcwtfrzAdIFUt8m/MZmw+m/skwOCN23oH+TcwtfrzILJ:7Rv1Yeb9FUt82M/+2s5eYeb2J
                                                                                                                                                                                                                                                    MD5:49F9FFD0E6085160DA3FC0FC69DF06BA
                                                                                                                                                                                                                                                    SHA1:676B2C10113D6198827BB8401072179BBD5FF645
                                                                                                                                                                                                                                                    SHA-256:633BB01A9A0353EF6C7E2F300102BEF14441BF7CE57AEB09CFD2DA52B871D440
                                                                                                                                                                                                                                                    SHA-512:6E69E1BEF2042517A2E08BD589D5596FD969166251138DFE8E050F3455C5F05B58B36C917BD05203C522ACD4F1BE534A4548768AC789E5258C3CF0BA02A36759
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:2024/12/04-00:49:22.884 b84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/04-00:49:22.884 b84 Recovering log #3.2024/12/04-00:49:22.884 b84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):45056
                                                                                                                                                                                                                                                    Entropy (8bit):0.2975361124918859
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:dRdu/EiHyI+Ra82/CLFdR2vGD/SJ0Yvae5WkE8txuEyGkGTm4rkCdpWEEVVo0g8v:wx9F1IohSdesk9xXytGACtQVjmBa
                                                                                                                                                                                                                                                    MD5:22546422BF75A4EE30E03B69D90E9DF5
                                                                                                                                                                                                                                                    SHA1:665BF967C4CE9BC26542AFAEE4CD9438E07DE9A8
                                                                                                                                                                                                                                                    SHA-256:F3890059F6CE7F39CB1845DD919079680959F9FBBC72060DE39C2AC7B23C0434
                                                                                                                                                                                                                                                    SHA-512:F99679D0C48F4C79D01FAD662B8F9763214A8E4F523FBEC04F5889F948B2A5493812E17D8838DCE3059B0E578AABE918EFE65FADA1E336A274E2CFD3A21F93D2
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):11
                                                                                                                                                                                                                                                    Entropy (8bit):2.59490661824394
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:gem3:gL3
                                                                                                                                                                                                                                                    MD5:E60DFE28E77A79CD2CAA4F53BD711995
                                                                                                                                                                                                                                                    SHA1:2A150938498D9778DAF21F87B3E52ABDD4084716
                                                                                                                                                                                                                                                    SHA-256:D5E1FB030857E079A8FD6811C81BF756D23CED9AF5DC299354C88F89B763415E
                                                                                                                                                                                                                                                    SHA-512:B2ED5D4C3EEB946C2C869988E227ACD771614D559E1C108578546AA919E74251B92C7A1241D5E113018AB20A4295BBBCC12B7C520FB1C13DB242EC1B02B74F43
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:94.0.992.31
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):14969
                                                                                                                                                                                                                                                    Entropy (8bit):5.626160537922795
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:U9iIuERzA83h09RZxeIMWr8y90IKf+qNrB:/IuERzA83h09RZxpr8y90IKfHNd
                                                                                                                                                                                                                                                    MD5:269224DBE06617632DB1C9D38DAC429C
                                                                                                                                                                                                                                                    SHA1:9F4D4E62D30E88BF87EFB83A7BCFC10426BAD99B
                                                                                                                                                                                                                                                    SHA-256:1F8A2A15A596128475B2C02017C57D83E6EFEA06735F9D5098804E707B54237F
                                                                                                                                                                                                                                                    SHA-512:AA3E54924BC730BF78E2F9DC7AA205C54D1A47805BFF5C858C88EFD81E9819800D44779E9D2C4F72D850F177FF7ECDE08DF13A47BC8BF6B795016C4C060AA36D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"abusive_adblocker_etag":"\"1632267943\"","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"external_config_domain_actions":{"cdm_override":{"applications":[{"applied_policy":"OnlyExposePlayReady","domain":"sling.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tou.tv"},{"applied_policy":"OnlyExposeWidevine","domain":"maxdome.de"},{"applied_policy":"OnlyExposeWidevine","domain":"abc.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tv.apple.com"},{"applied_policy":"OnlyExposeWidevine","domain":"la7.it"},{"applied_policy":"OnlyExposeWidevine","domain":"xfinity.com"},{"applied_policy":"OnlyExposeWidevine","domain":"watchtv.cox.com"},{"applied_policy":"OnlyExposeWidevine","domain":"ignitetv.rogers.com"
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):40
                                                                                                                                                                                                                                                    Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                                                                    MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                                                                    SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                                                                    SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                                                                    SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:synchronousLookupUris_638343870221005468
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):57
                                                                                                                                                                                                                                                    Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                                                                    MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                                                                    SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                                                                    SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                                                                    SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):14969
                                                                                                                                                                                                                                                    Entropy (8bit):5.626160537922795
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:U9iIuERzA83h09RZxeIMWr8y90IKf+qNrB:/IuERzA83h09RZxpr8y90IKfHNd
                                                                                                                                                                                                                                                    MD5:269224DBE06617632DB1C9D38DAC429C
                                                                                                                                                                                                                                                    SHA1:9F4D4E62D30E88BF87EFB83A7BCFC10426BAD99B
                                                                                                                                                                                                                                                    SHA-256:1F8A2A15A596128475B2C02017C57D83E6EFEA06735F9D5098804E707B54237F
                                                                                                                                                                                                                                                    SHA-512:AA3E54924BC730BF78E2F9DC7AA205C54D1A47805BFF5C858C88EFD81E9819800D44779E9D2C4F72D850F177FF7ECDE08DF13A47BC8BF6B795016C4C060AA36D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"abusive_adblocker_etag":"\"1632267943\"","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"external_config_domain_actions":{"cdm_override":{"applications":[{"applied_policy":"OnlyExposePlayReady","domain":"sling.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tou.tv"},{"applied_policy":"OnlyExposeWidevine","domain":"maxdome.de"},{"applied_policy":"OnlyExposeWidevine","domain":"abc.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tv.apple.com"},{"applied_policy":"OnlyExposeWidevine","domain":"la7.it"},{"applied_policy":"OnlyExposeWidevine","domain":"xfinity.com"},{"applied_policy":"OnlyExposeWidevine","domain":"watchtv.cox.com"},{"applied_policy":"OnlyExposeWidevine","domain":"ignitetv.rogers.com"
                                                                                                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):64
                                                                                                                                                                                                                                                    Entropy (8bit):0.34726597513537405
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:Nlll:Nll
                                                                                                                                                                                                                                                    MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                                                                                                                                                    SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                                                                                                                                                    SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                                                                                                                                                    SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):162028032
                                                                                                                                                                                                                                                    Entropy (8bit):6.733467447219974
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:1572864:2CquurbtqKajQe7vqrTU4PrCsdCXrBngPE1cG7VOWe2IkBmUgq3Fd6iU3x6VCdbm:MDAgZi
                                                                                                                                                                                                                                                    MD5:7153F5DCF75B41969A641F98F370D035
                                                                                                                                                                                                                                                    SHA1:E1D0C1D865C126BDED0376E01DCB18FC1D2F622D
                                                                                                                                                                                                                                                    SHA-256:FB7506B750512AA4807F75CB0F9401C0A34A1097E35D5EC78B468557261C50F1
                                                                                                                                                                                                                                                    SHA-512:2CBA838A3EDEBBE964BE243966976DB3C5A9AD1041ADDC467543699C182320991FA66C3A54A4C05D16818CCE395B38D3016D72E84E476F988535BF0DE811CC53
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):129690
                                                                                                                                                                                                                                                    Entropy (8bit):7.91868310789661
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:AEKzwqCT4weSxQCS/qGTL2o418Gb0+VRLf0ld0GY3cQ39Vm2I:AEKzwt4hC4/rK18Gb0OV8ld0GecQ3f2
                                                                                                                                                                                                                                                    MD5:8626E1D68E87F86C5B4DABDF66591913
                                                                                                                                                                                                                                                    SHA1:4CD7B0AC0D3F72587708064A7B0A3BECA3F7B81C
                                                                                                                                                                                                                                                    SHA-256:2CAA1DA9B6A6E87BDB673977FEE5DD771591A1B6ED5D3C5F14B024130A5D1A59
                                                                                                                                                                                                                                                    SHA-512:03BCD8562482009060F249D6A0DD7382FC94D669A2094DEC08E8D119BE51BEF2C3B7B484BB5B7F805AE98E372DAB9383A2C11A63AB0F5644146556B1BB9A4C99
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):179971
                                                                                                                                                                                                                                                    Entropy (8bit):7.941375268079628
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:rDQYaEQN6AJPrSxQCS/qGTafR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+HxNK/r4:rDQYaNN68rC4/Ygx5GMRejnbdZnVE6YR
                                                                                                                                                                                                                                                    MD5:48515D600258D60019C6B9C6421F79F6
                                                                                                                                                                                                                                                    SHA1:0EF0B44641D38327A360AA6954B3B6E5AAB2AF16
                                                                                                                                                                                                                                                    SHA-256:07BEE34E189FE9A8789AED78EA59AD41414B6E611E7D74DA62F8E6CA36AF01CE
                                                                                                                                                                                                                                                    SHA-512:B7266BC8ABC55BD389F594DAC0C0641ECF07703F35D769B87E731B5FDF4353316D44F3782A4329B3F0E260DEAD6B114426DDB1B0FB8CD4A51E0B90635F1191D9
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4891080
                                                                                                                                                                                                                                                    Entropy (8bit):6.392150637672776
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:49152:IuhjwXkKcimPVqB4faGCMhGNYYpQVTxx6k/ftO4w6FXKpOD21pLeXvZCoFwI8ccA:oy904wYbZCoOI85oyI
                                                                                                                                                                                                                                                    MD5:CB9807F6CF55AD799E920B7E0F97DF99
                                                                                                                                                                                                                                                    SHA1:BB76012DED5ACD103ADAD49436612D073D159B29
                                                                                                                                                                                                                                                    SHA-256:5653BC7B0E2701561464EF36602FF6171C96BFFE96E4C3597359CD7ADDCBA88A
                                                                                                                                                                                                                                                    SHA-512:F7C65BAE4EDE13616330AE46A197EBAD106920DCE6A31FD5A658DA29ED1473234CA9E2B39CC9833FF903FB6B52FF19E39E6397FAC02F005823ED366CA7A34F62
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                                                                                                    • Filename: uniswap-sniper-bot-with-gui Setup 1.0.0.exe, Detection: malicious
                                                                                                                                                                                                                                                    • Filename: uniswap-sniper-bot-with-gui Setup 1.0.0.exe, Detection: malicious
                                                                                                                                                                                                                                                    • Filename: file_0ff0e043637b4b548deb40664cc0d4bb_2024-11-20_09_05_14_911000.zip, Detection: malicious
                                                                                                                                                                                                                                                    • Filename: OmteV2.exe, Detection: malicious
                                                                                                                                                                                                                                                    • Filename: Access_latest_x64.msi, Detection: malicious
                                                                                                                                                                                                                                                    • Filename: ExLoader_Installer.exe, Detection: malicious
                                                                                                                                                                                                                                                    • Filename: SecuriteInfo.com.HEUR.Trojan.Script.Generic.5591.10617.exe, Detection: malicious
                                                                                                                                                                                                                                                    • Filename: SecuriteInfo.com.HEUR.Trojan.Script.Generic.5591.10617.exe, Detection: malicious
                                                                                                                                                                                                                                                    • Filename: SecuriteInfo.com.Trojan.GenericFCA.Script.33276.27996.26811.exe, Detection: malicious
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2862080
                                                                                                                                                                                                                                                    Entropy (8bit):6.7042588011125215
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:49152:XMoI7Qj3trgDtcfkW76fSL5Yqq6uthy4Y6NO8PyJegPTagrcjdiCOi2iNN3lzl3U:H3Kk76fUq/4TagreBOirnW
                                                                                                                                                                                                                                                    MD5:D49E7A8F096AD4722BD0F6963E0EFC08
                                                                                                                                                                                                                                                    SHA1:6835F12391023C0C7E3C8CC37B0496E3A93A5985
                                                                                                                                                                                                                                                    SHA-256:F11576BF7FFBC3669D1A5364378F35A1ED0811B7831528B6C4C55B0CDC7DC014
                                                                                                                                                                                                                                                    SHA-512:CA50C28D6AAC75F749ED62EEC8ACBB53317F6BDCEF8794759AF3FAD861446DE5B7FA31622CE67A347949ABB1098ECCB32689B4F1C54458A125BC46574AD51575
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):10541296
                                                                                                                                                                                                                                                    Entropy (8bit):6.277012685259397
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:98304:ffPBQYOo+ddlymff2LfPQCvliXUxiG9Ha93Whla6ZENSs285:ffPBhORjfAHliXUxiG9Ha93Whla6ZEV7
                                                                                                                                                                                                                                                    MD5:ADFD2A259608207F256AEADB48635645
                                                                                                                                                                                                                                                    SHA1:300BB0AE3D6B6514FB144788643D260B602AC6A4
                                                                                                                                                                                                                                                    SHA-256:7C8C7B05D70145120B45CCB64BF75BEE3C63FF213E3E64D092D500A96AFB8050
                                                                                                                                                                                                                                                    SHA-512:8397E74C7A85B0A2987CAE9F2C66CE446923AA4140686D91A1E92B701E16B73A6CE459540E718858607ECB12659BEDAC0AA95C2713C811A2BC2D402691FF29DC
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 12280
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3110
                                                                                                                                                                                                                                                    Entropy (8bit):7.933903341619943
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:0MWjN1CDThRYxENcEvyGF/8WAr6Fv9MFghzqSl:0MWjN1gRYavR8WjMFQzqSl
                                                                                                                                                                                                                                                    MD5:A83A2746B84F1CF573B02965B72ED592
                                                                                                                                                                                                                                                    SHA1:85CC572D6F90029EB99AAFA56297D1BCA494313A
                                                                                                                                                                                                                                                    SHA-256:DF4B53C1C7C48E80753D4945E6EC7847084F51BF57F0ED9D341326C74651D6EC
                                                                                                                                                                                                                                                    SHA-512:C287F479EF572A06FF191C4E9A8A718507C97A2A45CB265D7DC65DD7922B80D36CE7660EC5D7EA9F3D1F1EF71C51C3E4F3D7973754F97A89B4F14D1B1FDE70DE
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):255488
                                                                                                                                                                                                                                                    Entropy (8bit):6.3283471797462285
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:3o06awTFRroAJKQEozTk/us7bqm/ohOnI:3o0cTjVJKQ9k/7bqm/o
                                                                                                                                                                                                                                                    MD5:DE00E0648BB3EE003375504188D473EF
                                                                                                                                                                                                                                                    SHA1:A43BE3FA52B56A4E8610590AC9465AA25401FBE5
                                                                                                                                                                                                                                                    SHA-256:9666F8E196C798EF4419B1E6C1A8D4BDB4A399CCAB485A32A38BEF6EAEB4A384
                                                                                                                                                                                                                                                    SHA-512:11772462CDAEFCFAAEF1D6D19C55C6454D8402E0056552FCBF63F68B5C999939A8BE34769B5FCB74872E2D7A890C0075B35D7E23565F76D246D5D624403A15B3
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 16707
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4015
                                                                                                                                                                                                                                                    Entropy (8bit):7.942829486244974
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:6qO65dFso15wMvxpjQsGOm04jp7VFt5luSMa7AAlUzb37:XH5ko1qMgcm0kV5dMdVzb37
                                                                                                                                                                                                                                                    MD5:157FA9B3914DCEF8DADF132F7C41682B
                                                                                                                                                                                                                                                    SHA1:4BF449A8772CA6591FECD5F85FF6230E68D1D0D2
                                                                                                                                                                                                                                                    SHA-256:0D0594A2FD1B90F179081B6261FEB6D113C99C81A854BC7418D7AFB935AF2F46
                                                                                                                                                                                                                                                    SHA-512:36445F35CE2D1756E56397A51D791D7C2B03C2D858A3E9A3385AF6DF9D1F664D8F21E11F5B71ABC399DB914CA2B947713A722E068269AA0B0FEE80A23EC44985
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1453056
                                                                                                                                                                                                                                                    Entropy (8bit):6.517222544789646
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24576:HczztZ12vAxqcdzoAyv+liT0eYiYJ869tUb/K:8zztZ12vodwW0T0NZJftm
                                                                                                                                                                                                                                                    MD5:56192831A7F808874207BA593F464415
                                                                                                                                                                                                                                                    SHA1:E0C18C72A62692D856DA1F8988B0BC9C8088D2AA
                                                                                                                                                                                                                                                    SHA-256:6AA8763714AA5199A4065259AF792292C2A7D6A2C381AA27007255421E5C9D8C
                                                                                                                                                                                                                                                    SHA-512:C82AA1EF569C232B4B4F98A3789F2390E5F7BF5CC7E73D199FE23A3F636817EDFDC2FB49CE7F69169C028A9DD5AB9F63E8F64964BB22424FC08DB71E85054A33
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):736
                                                                                                                                                                                                                                                    Entropy (8bit):7.008762320087872
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:5jasvQqphs8e9IapK9DwqFjrDtLve6MmwA99Lt/X1eED31:9dvQcJ2pgDwqRrDtLOIfF
                                                                                                                                                                                                                                                    MD5:51ED0BBFC4851D383950DAFEE68DCF9F
                                                                                                                                                                                                                                                    SHA1:E98D71C0D3FC44B83739903CD828422A809F6495
                                                                                                                                                                                                                                                    SHA-256:75F1E9A8E91C397FEA22726F04308FC7F185B9E75716D6ADC1EC6241706224BB
                                                                                                                                                                                                                                                    SHA-512:9A4AB4DC4B0769803650D13A5EFD7C9400D08C4D7626969C5CCA8AC49F918BB1EC6223D8719977F49755BBC635E5F46311DF29A7AA40C52D9DFAAEEDD31362E8
                                                                                                                                                                                                                                                    Malicious:false
Preview:ZIP archive entries: chrome_default_Cookies.txt, edge_default_Cookies.txt
                                                                                                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):696832
                                                                                                                                                                                                                                                    Entropy (8bit):5.71955944202422
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:I7P4JLntTmvCGWJ19UOkhOXjpb277I74liAANjDaZrnOB:vJLyAq2
                                                                                                                                                                                                                                                    MD5:A3A6DC7F9B3C8E0DAA2F210E39BEA213
                                                                                                                                                                                                                                                    SHA1:EE26C3C76A73D1A0526767C6DDD58E08F0F65198
                                                                                                                                                                                                                                                    SHA-256:678B8AB500C3968A1B7CDCDB1F242E380670A49C659F305D50DAC0262974BE11
                                                                                                                                                                                                                                                    SHA-512:9ED3319DA2AEC88CC2FF591FC58BC8FCD75921551BC366FC9F20D2AE106E77D8EF32A5E32470B53434313F305CE30D9B1712BFC014919F898D726E9D7E27EAD5
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........yR.*R.*R.*...+W.*...+..*...+X.*...+\.*...+[.*...+{.*...+W.*R.*..*...+P.*...+S.*..I*S.*...+S.*RichR.*................PE..d...r..e.........." .....n...P...............................................0............`.........................................`...s...h...<.......<....P...L...................f..8........................... e..8...............h.......@....................text....l.......n.................. ..`.rdata..............r..............@..@.data...!5..........................@....pdata..PU...P...V..................@..@.idata...............d..............@..@.didat...............x..............@....00cfg..Q...........................@..@_RDATA.."...........................@..@.rsrc...<...........................@..@.reloc..M...........................@..B........................................................................
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                    File Type:Zip archive data (empty)
                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                    Size (bytes):22
                                                                                                                                                                                                                                                    Entropy (8bit):1.0476747992754052
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:pjt/l:Nt
                                                                                                                                                                                                                                                    MD5:76CDB2BAD9582D23C1F6F4D868218D6C
                                                                                                                                                                                                                                                    SHA1:B04F3EE8F5E43FA3B162981B50BB72FE1ACABB33
                                                                                                                                                                                                                                                    SHA-256:8739C76E681F900923B900C9DF0EF75CF421D39CABB54650C4B9AD19B6A76D85
                                                                                                                                                                                                                                                    SHA-512:5E2F959F36B66DF0580A94F384C5FC1CEEEC4B2A3925F062D7B68F21758B86581AC2ADCFDDE73A171A28496E758EF1B23CA4951C05455CDAE9357CC3B5A5825F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:PK....................
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 43805
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):28748
                                                                                                                                                                                                                                                    Entropy (8bit):7.9918576871001425
                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                    SSDEEP:384:SU7ZPeF1W3JgUrqaO/8dOcbwy59NjS5BMYGYycIfPhrVx2NtsEeSeFzVXe/rxd:H7peFkZL9RZSz3gnhhGcpXetd
                                                                                                                                                                                                                                                    MD5:2A37AD0EC191D53104BB46953AC6C43C
                                                                                                                                                                                                                                                    SHA1:FD23FFC5B7E4A6B45FBD88A486D15FAA51DC07AE
                                                                                                                                                                                                                                                    SHA-256:51F075EB69486CB23B32A0776782B4A1B2AF204429AB94510469E02B115E56CC
                                                                                                                                                                                                                                                    SHA-512:AEB91CB7902A800D7B0C43627EC2B52121BC41BA29A1B6ABEDBFCFA4802254A0594ED239EA7A3F8D40241E43D436428D1E4AC117BD97269D78460F82F9BDCF68
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 43060
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):828883
                                                                                                                                                                                                                                                    Entropy (8bit):7.985990952250326
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:8pmWnVPfZrjzSLVXQwxx1Xa3fXNt8Ps4RgRECP57ri4S5/aG0wvtUnXCf+uHrV0:8pXltHSRQw78Pdt8PnRxuVga87f+2y
                                                                                                                                                                                                                                                    MD5:AA06A22214829019782EF65F5985466C
                                                                                                                                                                                                                                                    SHA1:6CE561ECC5DB5142C184EBD49214D51D8975310B
                                                                                                                                                                                                                                                    SHA-256:C294918B57E99B530AC6BA58C41595CED4117FA4A5BA29F861695C8A1C79DBB8
                                                                                                                                                                                                                                                    SHA-512:3A45699928EDDE3EA8AD132E6EBDEE493C373C316973A42D26ABBBD8E42CE87EC68894C1B5A2B6A2F462ADDE2CBB03BBEC3A9AF996791F05822FCDFDD97FEB16
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):211
                                                                                                                                                                                                                                                    Entropy (8bit):5.855693848687262
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:PkopYxAVSoGzPk5uoQsTn1kj7rDC80rWQxHA+sNBDM195dQZ:copYx74cvgSC8QWQKhNmXdQZ
                                                                                                                                                                                                                                                    MD5:D2B093BA6726FC3CEC7ABACB50F4160C
                                                                                                                                                                                                                                                    SHA1:64D6D65EF212B0ACB5616B5AF6B03438071CE9BA
                                                                                                                                                                                                                                                    SHA-256:076A1865389D34605DAAEBA472587C91AE8DC0BEC4303DBA68D318B418AB7A98
                                                                                                                                                                                                                                                    SHA-512:2D810E6213603FB2E77ABE851C0BC5993B75D77D0CB0201ACC2EC6EE4E8933ADC79F59FBBA073957BB93D5C423EAF4773EC46F89111ECAB0201A7EA0293B7A2C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:.google.com.FALSE./.TRUE.0.NID.517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):476
                                                                                                                                                                                                                                                    Entropy (8bit):5.212724293944735
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:3op0MCJjopYxVFPopYzhlnWJZ2qwppYxTpKopYxGEopYzzJ5pYz3VoF9pYzR:BpV7nWJZ5w8TKGwJKR
                                                                                                                                                                                                                                                    MD5:06FB602BC21338A051753068591265DA
                                                                                                                                                                                                                                                    SHA1:3FE0B8EA7933288C4C48852CAD99C186D28E701D
                                                                                                                                                                                                                                                    SHA-256:873ACF231D1F8E95ED8759DD97EF52573D387F820B820A5F88E26C0A164E3772
                                                                                                                                                                                                                                                    SHA-512:4A6A52B04ADEBB38D7191B37E69BE80FDB279EC6424DAE2B3AF917DA2AB4042A61E281B9E9786EA5A9683CCD1918E70BEDE971CD28622C887A2308E43B9E6F96
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:ntp.msn.com.FALSE./edge.FALSE.0._C_Auth...msn.com.FALSE./.TRUE.0._C_ETH.1.ntp.msn.com.FALSE./.FALSE.0.sptmarket.en-US||us|en-us|en-us|en||cf=9|RefA=DFBD53F46B484F538372EDC2BDC3E866.RefC=2024-12-04T05:49:24Z..msn.com.FALSE./.TRUE.0.USRLOC...msn.com.FALSE./.TRUE.0.MUID.3DF573A4560864C2349866EF576465D3.ntp.msn.com.FALSE./.FALSE.0.MUIDB.3DF573A4560864C2349866EF576465D3..msn.com.FALSE./.FALSE.0._EDGE_S.F=1&SID=138430FC8C306F89178525B78D4A6ED1..msn.com.FALSE./.FALSE.0._EDGE_V.1
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 12587
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3280
                                                                                                                                                                                                                                                    Entropy (8bit):7.938673637935802
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:sqkKZz8Yel0T0Lep/NRoRl18zr9eAberZq:z0l0T0LvYr9Fbe1q
                                                                                                                                                                                                                                                    MD5:D1C42E18C3C565B93F63D1D3BD5354A4
                                                                                                                                                                                                                                                    SHA1:F70CFDCE1FD8DB93B7E4FA89FAE1D42F64516338
                                                                                                                                                                                                                                                    SHA-256:2E647EE00104BE49B63358AD01DA9D70AA32E36D56329663442B023B88806458
                                                                                                                                                                                                                                                    SHA-512:6522273071CB7F51EA7E8A86206814B4C9EFDD2F699DA5BF469062448E8E31C84D7567AA7F0AF7FB3E550238C8BB830555099EA2B97DB35469AEB807DBB7C685
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):140288
                                                                                                                                                                                                                                                    Entropy (8bit):6.055411992765344
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:94PTD6FEzMju6bzJKjpEPeTOKvJhEnww+YbRYvPuq:94jQju6b9KilKvJurR8W
                                                                                                                                                                                                                                                    MD5:04BFBFEC8DB966420FE4C7B85EBB506A
                                                                                                                                                                                                                                                    SHA1:939BB742A354A92E1DCD3661A62D69E48030A335
                                                                                                                                                                                                                                                    SHA-256:DA2172CE055FA47D6A0EA1C90654F530ABED33F69A74D52FAB06C4C7653B48FD
                                                                                                                                                                                                                                                    SHA-512:4EA97A9A120ED5BEE8638E0A69561C2159FC3769062D7102167B0E92B4F1A5C002A761BD104282425F6CEE8D0E39DBE7E12AD4E4A38570C3F90F31B65072DD65
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L..............C.......C.....C................................"...C...............................................Rich............................PE..d....-!e.........." ...#.>..........XG....................................................`.............................................X.......<....`.......0..$............p..........p...............................@............P..........@....................text...`=.......>.................. ..`.rdata.......P.......B..............@..@.data...............................@....pdata..$....0......................@..@_RDATA..\....P......................@..@.rsrc........`......................@..@.reloc.......p......................@..B................................................................................................................................................................................
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):304
                                                                                                                                                                                                                                                    Entropy (8bit):3.3247398005203737
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:vhjP1lt/as4K5jP1lt/9lojm9P1lt/3EWVArn3tdlt/XXvK4KV3tdlt/9l4CluRx:5j34S5j3q03G0WpJ/cVpqmIgQWSB8lC
                                                                                                                                                                                                                                                    MD5:69372D9695C0547CDD90E50F6B923885
                                                                                                                                                                                                                                                    SHA1:C78A549347AA9C5C9831E17EEB916CBDBAD4F3FA
                                                                                                                                                                                                                                                    SHA-256:02D255EF3238F9CACEDD07F753541DB2F3EC4C5A4F4D7271A8888E813B6B4029
                                                                                                                                                                                                                                                    SHA-512:625BA86D804196772031F81AC0F28C2870BD3BA41143FE1440E94D3A034EF6E0C845EF2E311068A7F554FCF90DAF3D3634412E394BF71C4EE4B6450E66B2CAE5
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:PK........'..Y................Autofill/PK........'..Y................Cookies/PK........'..Y................Passwords/PK..........'..Y.........................A....Autofill/PK..........'..Y.........................A'...Cookies/PK..........'..Y.........................AM...Passwords/PK..............u.....
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):162028032
                                                                                                                                                                                                                                                    Entropy (8bit):6.733467447219974
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:1572864:2CquurbtqKajQe7vqrTU4PrCsdCXrBngPE1cG7VOWe2IkBmUgq3Fd6iU3x6VCdbm:MDAgZi
                                                                                                                                                                                                                                                    MD5:7153F5DCF75B41969A641F98F370D035
                                                                                                                                                                                                                                                    SHA1:E1D0C1D865C126BDED0376E01DCB18FC1D2F622D
                                                                                                                                                                                                                                                    SHA-256:FB7506B750512AA4807F75CB0F9401C0A34A1097E35D5EC78B468557261C50F1
                                                                                                                                                                                                                                                    SHA-512:2CBA838A3EDEBBE964BE243966976DB3C5A9AD1041ADDC467543699C182320991FA66C3A54A4C05D16818CCE395B38D3016D72E84E476F988535BF0DE811CC53
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1096
                                                                                                                                                                                                                                                    Entropy (8bit):5.13006727705212
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
                                                                                                                                                                                                                                                    MD5:4D42118D35941E0F664DDDBD83F633C5
                                                                                                                                                                                                                                                    SHA1:2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
                                                                                                                                                                                                                                                    SHA-256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
                                                                                                                                                                                                                                                    SHA-512:3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6766160
                                                                                                                                                                                                                                                    Entropy (8bit):4.735324161006094
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24576:d7rs5kjWSnB3lWNeUmf0f6W6M6q6A6r/HXpErpem:rovj
                                                                                                                                                                                                                                                    MD5:180F8ACC70405077BADC751453D13625
                                                                                                                                                                                                                                                    SHA1:35DC54ACAD60A98AEEC47C7ADE3E6A8C81F06883
                                                                                                                                                                                                                                                    SHA-256:0BFA9A636E722107B6192FF35C365D963A54E1DE8A09C8157680E8D0FBBFBA1C
                                                                                                                                                                                                                                                    SHA-512:40D3358B35EB0445127C70DEB0CB87EC1313ECA285307CDA168605A4FD3D558B4BE9EB24A59568ECA9EE1F761E578C39B2DEF63AD48E40D31958DB82F128E0EC
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview: Generated by licenses.py; do not edit. --><!doctype html>.<html>.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width">.<meta name="color-scheme" content="light dark">.<title>Credits</title>.<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">.<link rel="stylesheet" href="chrome://credits/credits.css">.</head>.<body>.<span class="page-title" style="float:left;">Credits</span>.<a id="print-link" href="#" style="float:right;" hidden>Print</a>.<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->.<div class="product">.<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>.<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>.<input type="checkbox" hidden id="0">.<label class="show" for="0" tabindex="0"></label>.<div class="licence">.<pre>Copyright(C) 1997,2001 Takuya OOURA (email: ooura@kurims.kyoto-u.ac.jp)..You may us
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):129690
                                                                                                                                                                                                                                                    Entropy (8bit):7.91868310789661
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:AEKzwqCT4weSxQCS/qGTL2o418Gb0+VRLf0ld0GY3cQ39Vm2I:AEKzwt4hC4/rK18Gb0OV8ld0GecQ3f2
                                                                                                                                                                                                                                                    MD5:8626E1D68E87F86C5B4DABDF66591913
                                                                                                                                                                                                                                                    SHA1:4CD7B0AC0D3F72587708064A7B0A3BECA3F7B81C
                                                                                                                                                                                                                                                    SHA-256:2CAA1DA9B6A6E87BDB673977FEE5DD771591A1B6ED5D3C5F14B024130A5D1A59
                                                                                                                                                                                                                                                    SHA-512:03BCD8562482009060F249D6A0DD7382FC94D669A2094DEC08E8D119BE51BEF2C3B7B484BB5B7F805AE98E372DAB9383A2C11A63AB0F5644146556B1BB9A4C99
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):179971
                                                                                                                                                                                                                                                    Entropy (8bit):7.941375268079628
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:rDQYaEQN6AJPrSxQCS/qGTafR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+HxNK/r4:rDQYaNN68rC4/Ygx5GMRejnbdZnVE6YR
                                                                                                                                                                                                                                                    MD5:48515D600258D60019C6B9C6421F79F6
                                                                                                                                                                                                                                                    SHA1:0EF0B44641D38327A360AA6954B3B6E5AAB2AF16
                                                                                                                                                                                                                                                    SHA-256:07BEE34E189FE9A8789AED78EA59AD41414B6E611E7D74DA62F8E6CA36AF01CE
                                                                                                                                                                                                                                                    SHA-512:B7266BC8ABC55BD389F594DAC0C0641ECF07703F35D769B87E731B5FDF4353316D44F3782A4329B3F0E260DEAD6B114426DDB1B0FB8CD4A51E0B90635F1191D9
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4891080
                                                                                                                                                                                                                                                    Entropy (8bit):6.392150637672776
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:49152:IuhjwXkKcimPVqB4faGCMhGNYYpQVTxx6k/ftO4w6FXKpOD21pLeXvZCoFwI8ccA:oy904wYbZCoOI85oyI
                                                                                                                                                                                                                                                    MD5:CB9807F6CF55AD799E920B7E0F97DF99
                                                                                                                                                                                                                                                    SHA1:BB76012DED5ACD103ADAD49436612D073D159B29
                                                                                                                                                                                                                                                    SHA-256:5653BC7B0E2701561464EF36602FF6171C96BFFE96E4C3597359CD7ADDCBA88A
                                                                                                                                                                                                                                                    SHA-512:F7C65BAE4EDE13616330AE46A197EBAD106920DCE6A31FD5A658DA29ED1473234CA9E2B39CC9833FF903FB6B52FF19E39E6397FAC02F005823ED366CA7A34F62
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2862080
                                                                                                                                                                                                                                                    Entropy (8bit):6.7042588011125215
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:49152:XMoI7Qj3trgDtcfkW76fSL5Yqq6uthy4Y6NO8PyJegPTagrcjdiCOi2iNN3lzl3U:H3Kk76fUq/4TagreBOirnW
                                                                                                                                                                                                                                                    MD5:D49E7A8F096AD4722BD0F6963E0EFC08
                                                                                                                                                                                                                                                    SHA1:6835F12391023C0C7E3C8CC37B0496E3A93A5985
                                                                                                                                                                                                                                                    SHA-256:F11576BF7FFBC3669D1A5364378F35A1ED0811B7831528B6C4C55B0CDC7DC014
                                                                                                                                                                                                                                                    SHA-512:CA50C28D6AAC75F749ED62EEC8ACBB53317F6BDCEF8794759AF3FAD861446DE5B7FA31622CE67A347949ABB1098ECCB32689B4F1C54458A125BC46574AD51575
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):10541296
                                                                                                                                                                                                                                                    Entropy (8bit):6.277012685259397
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:98304:ffPBQYOo+ddlymff2LfPQCvliXUxiG9Ha93Whla6ZENSs285:ffPBhORjfAHliXUxiG9Ha93Whla6ZEV7
                                                                                                                                                                                                                                                    MD5:ADFD2A259608207F256AEADB48635645
                                                                                                                                                                                                                                                    SHA1:300BB0AE3D6B6514FB144788643D260B602AC6A4
                                                                                                                                                                                                                                                    SHA-256:7C8C7B05D70145120B45CCB64BF75BEE3C63FF213E3E64D092D500A96AFB8050
                                                                                                                                                                                                                                                    SHA-512:8397E74C7A85B0A2987CAE9F2C66CE446923AA4140686D91A1E92B701E16B73A6CE459540E718858607ECB12659BEDAC0AA95C2713C811A2BC2D402691FF29DC
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):479232
                                                                                                                                                                                                                                                    Entropy (8bit):6.320849747462847
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:su0LAjbIkyVVR8O9v/6TiT5eU3axzvYwo:sub49/6TiQzvYX
                                                                                                                                                                                                                                                    MD5:09134E6B407083BAAEDF9A8C0BCE68F2
                                                                                                                                                                                                                                                    SHA1:8847344CCEEAB35C1CDF8637AF9BD59671B4E97D
                                                                                                                                                                                                                                                    SHA-256:D2107BA0F4E28E35B22837C3982E53784D15348795B399AD6292D0F727986577
                                                                                                                                                                                                                                                    SHA-512:6FF3ADCB8BE48D0B505A3C44E6550D30A8FEAF4AA108982A7992ED1820C06F49E0AD48D9BD92685FB82783DFD643629BD1FE4073300B61346B63320CBDB051BA
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7514112
                                                                                                                                                                                                                                                    Entropy (8bit):6.462467169487978
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:98304:BuT3g23jeZ/02YPuLaw5RoD1rfEQ3CPdOEabcgsOMdi:BuDPTwLap14QzEijsvi
                                                                                                                                                                                                                                                    MD5:A5F1921E6DCDE9EAF42E2CCC82B3D353
                                                                                                                                                                                                                                                    SHA1:1F6F4DF99AE475ACEC4A7D3910BADB26C15919D1
                                                                                                                                                                                                                                                    SHA-256:50C4DC73D69B6C0189EAB56D27470EE15F99BBBC12BFD87EBE9963A7F9BA404E
                                                                                                                                                                                                                                                    SHA-512:0C24AE7D75404ADF8682868D0EBF05F02BBF603F7DDD177CF2AF5726802D0A5AFCF539DC5D68E10DAB3FCFBA58903871C9C81054560CF08799AF1CC88F33C702
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):362355
                                                                                                                                                                                                                                                    Entropy (8bit):5.4138809970208035
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:j54QCpN9/WiHIR9a5D4+kQMGSB+jC6kAw1TUKKpg3b9xIsVxSt2y5qP3ux5tPwDV:F9CpN9OiHIRX+HMT+jC6kAw1TYpg3b9P
                                                                                                                                                                                                                                                    MD5:464E5EEABA5EFF8BC93995BA2CB2D73F
                                                                                                                                                                                                                                                    SHA1:3B216E0C5246C874AD0AD7D3E1636384DAD2255D
                                                                                                                                                                                                                                                    SHA-256:0AD547BB1DC57907ADEB02E1BE3017CCE78F6E60B8B39395FE0E8B62285797A1
                                                                                                                                                                                                                                                    SHA-512:726D6C41A9DBF1F5F2EFF5B503AB68D879B088B801832C13FBA7EB853302B16118CACDA4748A4144AF0F396074449245A42B2FE240429B1AFCB7197FA0CB6D41
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):583572
                                                                                                                                                                                                                                                    Entropy (8bit):4.947180410657857
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:QqhqEuPxT8xZTtWosuF9Q5m9yAAVzfukCQox30jH8+I:Zh8T8xTWoZF9Q5m9yAAVzXCQ0
                                                                                                                                                                                                                                                    MD5:2C933F084D960F8094E24BEE73FA826C
                                                                                                                                                                                                                                                    SHA1:91DFDDC2CFF764275872149D454A8397A1A20AB1
                                                                                                                                                                                                                                                    SHA-256:FA1E44215BD5ACC7342C431A3B1FDDB6E8B6B02220B4599167F7D77A29F54450
                                                                                                                                                                                                                                                    SHA-512:3C9ECFB0407DE2AA6585F4865AD54EEB2EC6519C9D346E2D33ED0E30BE6CC3EBFED676A08637D42C2CA8FA6CFEFB4091FEB0C922FF71F09A2B89CDD488789774
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):639744
                                                                                                                                                                                                                                                    Entropy (8bit):4.950537001099058
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:K+sgtqIj5/XvYUtOkQIkqBJ5SNbW+eTtvZEMgSENjM:KD4Fek75z+K
                                                                                                                                                                                                                                                    MD5:FDBAD4C84AC66EE78A5C8DD16D259C43
                                                                                                                                                                                                                                                    SHA1:3CE3CD751BB947B19D004BD6916B67E8DB5017AC
                                                                                                                                                                                                                                                    SHA-256:A62B848A002474A8EA37891E148CBAF4AF09BDBA7DAFEBDC0770C9A9651F7E3B
                                                                                                                                                                                                                                                    SHA-512:376519C5C2E42D21ACEDB1EF47184691A2F286332451D5B8D6AAC45713861F07C852FB93BD9470FF5EE017D6004ABA097020580F1BA253A5295AC1851F281E13
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):667826
                                                                                                                                                                                                                                                    Entropy (8bit):4.715111408941832
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:MMq8w2kMLlYrdAs1aQUx41aVVwslMLOmFOMw35uKN31tfbDMxbV2Jfu64Kjz5fS+:MMqckulYrdAs1aQUmBsmRw35uK7Jgxho
                                                                                                                                                                                                                                                    MD5:38BCABB6A0072B3A5F8B86B693EB545D
                                                                                                                                                                                                                                                    SHA1:D36C8549FE0F69D05FFDAFFA427D3DDF68DD6D89
                                                                                                                                                                                                                                                    SHA-256:898621731AC3471A41F8B3A7BF52E7F776E8928652B37154BC7C1299F1FD92E1
                                                                                                                                                                                                                                                    SHA-512:002ADBDC17B6013BECC4909DAF2FEBB74CE88733C78E968938B792A52C9C5A62834617F606E4CB3774AE2DAD9758D2B8678D7764BB6DCFE468881F1107DB13EF
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):858553
                                                                                                                                                                                                                                                    Entropy (8bit):4.32277927640417
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:6gGTLRFbMdhBVHvr5eSnC6PRWhk7Bbd8+D95H0XluZ:YWBlvr5FCYRWuBbdB5wl2
                                                                                                                                                                                                                                                    MD5:9340520696E7CB3C2495A78893E50ADD
                                                                                                                                                                                                                                                    SHA1:EED5AEEF46131E4C70CD578177C527B656D08586
                                                                                                                                                                                                                                                    SHA-256:1EA245646A4B4386606F03C8A3916A3607E2ADBBC88F000976BE36DB410A1E39
                                                                                                                                                                                                                                                    SHA-512:62507685D5542CFCD394080917B3A92CA197112FEEA9C2DDC1DFC77382A174C7DDF758D85AF66CD322692215CB0402865B2A2B212694A36DA6B592028CAAFCDF
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):409695
                                                                                                                                                                                                                                                    Entropy (8bit):5.417085582145732
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:bgoRVrijIs3cejEYBCqS4o3nbhjJSwHQliEwfwVEMXdLbpuQ16BtryBiGIle3nei:b3GQUwJAMNTCypxB5WMml
                                                                                                                                                                                                                                                    MD5:4CD6B3A91669DDCFCC9EEF9B679AB65C
                                                                                                                                                                                                                                                    SHA1:43C41CB00067DE68D24F72E0F5C77D3B50B71F83
                                                                                                                                                                                                                                                    SHA-256:56EFFF228EE3E112357D6121B2256A2C3ACD718769C89413DE82C9D4305459C6
                                                                                                                                                                                                                                                    SHA-512:699BE9962D8AAE241ABD1D1F35CD8468FFBD6157BCD6BDF2C599D902768351B247BAAD6145B9826D87271FD4A19744EB11BF7065DB7FEFB01D66D2F1F39015A9
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):419829
                                                                                                                                                                                                                                                    Entropy (8bit):5.845882900283008
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:RquUIAMYOnQYeAIV4g558YwGKNDsku8Qy:Rq/IA5On504g558YwbNDsC
                                                                                                                                                                                                                                                    MD5:EEEE212072EA6589660C9EB216855318
                                                                                                                                                                                                                                                    SHA1:D50F9E6CA528725CED8AC186072174B99B48EA05
                                                                                                                                                                                                                                                    SHA-256:DE92F14480770401E39E22DCF3DD36DE5AD3ED22E44584C31C37CD99E71C4A43
                                                                                                                                                                                                                                                    SHA-512:EA068186A2E611FB98B9580F2C5BA6FD1F31B532E021EF9669E068150C27DEEE3D60FD9FF7567B9EB5D0F98926B24DEFABC9B64675B49E02A6F10E71BB714AC8
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):380107
                                                                                                                                                                                                                                                    Entropy (8bit):5.46366244634788
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:czP4qlrn8+ua0swlGVJJwoXlw5CvET5VTrBGzO7iJyd4tTWwT:dqlr89JklwH55rETL
                                                                                                                                                                                                                                                    MD5:E7BA94C827C2B04E925A76CB5BDD262C
                                                                                                                                                                                                                                                    SHA1:ABBA6C7FCEC8B6C396A6374331993C8502C80F91
                                                                                                                                                                                                                                                    SHA-256:D8DA7AB28992C8299484BC116641E19B448C20ADF6A8B187383E2DBA5CD29A0B
                                                                                                                                                                                                                                                    SHA-512:1F44FCE789CF41FD62F4D387B7B8C9D80F1E391EDD2C8C901714DD0A6E3AF32266E9D3C915C15AD47C95ECE4C7D627AA7339F33EEA838D1AF9901E48EDB0187E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):406584
                                                                                                                                                                                                                                                    Entropy (8bit):5.519300999448185
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:V3JEmQ1hqVK+6aU8WUmzg3ELWzhqY305QgfXlIsCJd:V5t6sKXaK/LWy5POsCJd
                                                                                                                                                                                                                                                    MD5:CF22EC11A33BE744A61F7DE1A1E4514F
                                                                                                                                                                                                                                                    SHA1:73E84848C6D9F1A2ABE62020EB8C6797E4C49B36
                                                                                                                                                                                                                                                    SHA-256:7CC213E2C9A2D2E2E463083DD030B86DA6BBA545D5CEE4C04DF8F80F9A01A641
                                                                                                                                                                                                                                                    SHA-512:C10C8446E3041D7C0195DA184A53CFBD58288C06EAF8885546D2D188B59667C270D647FA7259F5CE140EC6400031A7FC060D0F2348AB627485E2207569154495
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):729549
                                                                                                                                                                                                                                                    Entropy (8bit):4.799528683257041
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:AQbueXYquNw2202pgtZBAujt4NIbsJvaP5A3HRsgQiEYQ3C1gf2ns4CfFnx1Xu2v:B2quNw2202pgtHAujmNrJvaRA3HRsDik
                                                                                                                                                                                                                                                    MD5:E66A75680F21CE281995F37099045714
                                                                                                                                                                                                                                                    SHA1:D553E80658EE1EEA5B0912DB1ECC4E27B0ED4790
                                                                                                                                                                                                                                                    SHA-256:21D1D273124648A435674C7877A98110D997CF6992469C431FE502BBCC02641F
                                                                                                                                                                                                                                                    SHA-512:D3757529DD85EF7989D9D4CECF3F7D87C9EB4BEDA965D8E2C87EE23B8BAAEC3FDFF41FD53BA839215A37404B17B8FE2586B123557F09D201B13C7736C736B096
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):331921
                                                                                                                                                                                                                                                    Entropy (8bit):5.529632303060999
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:k6QL0f35ubiwMP9egutWbfaYX2YBB5HXSdBruC:6LduwMetW92M53SuC
                                                                                                                                                                                                                                                    MD5:825ED4C70C942939FFB94E77A4593903
                                                                                                                                                                                                                                                    SHA1:7A3FAEE9BF4C915B0F116CB90CEC961DDA770468
                                                                                                                                                                                                                                                    SHA-256:E11E8DB78AE12F8D735632BA9FD078EC66C83529CB1FD86A31AB401F6F833C16
                                                                                                                                                                                                                                                    SHA-512:41325BEC22AF2E5EF8E9B26C48F2DFC95763A249CCB00E608B7096EC6236AB9A955DE7E2340FD9379D09AC2234AEE69AED2A24FE49382FFD48742D72A929C56A
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):334693
                                                                                                                                                                                                                                                    Entropy (8bit):5.521172766448584
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:Mvneu710gxhmrunGeuMP9eczCPMfaYbg3In5N+Sqn8BcwS:Ml0gxvNuMbCPmgA5YSNcwS
                                                                                                                                                                                                                                                    MD5:19D18F8181A4201D542C7195B1E9FF81
                                                                                                                                                                                                                                                    SHA1:7DEBD3CF27BBE200C6A90B34ADACB7394CB5929C
                                                                                                                                                                                                                                                    SHA-256:1D20E626444759C2B72AA6E998F14A032408D2B32F957C12EC3ABD52831338FB
                                                                                                                                                                                                                                                    SHA-512:AF07E1B08BBF2DD032A5A51A88EE2923650955873753629A086CAD3B1600CE66CA7F9ED31B8CA901C126C10216877B24E123144BB0048F2A1E7757719AAE73F2
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):404903
                                                                                                                                                                                                                                                    Entropy (8bit):5.392122812912978
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:75rkwZKG5KJo0ZyFPK9zj4rMY4rjyujd8pyPWncpwwfNEOv553l50GLFddhRIHKj:t1K2YZIK9BYgapFGl5dLFddA7Fcp
                                                                                                                                                                                                                                                    MD5:7DA3E8AA47BA35D014E1D2A32982A5BB
                                                                                                                                                                                                                                                    SHA1:8E35320B16305AD9F16CB0F4C881A89818CD75BB
                                                                                                                                                                                                                                                    SHA-256:7F85673CF80D1E80ACFC94FB7568A8C63DE79A13A1BB6B9D825B7E9F338EF17C
                                                                                                                                                                                                                                                    SHA-512:1FCA90888EB067972BCCF74DD5D09BB3FCE2CEB153589495088D5056ED4BDEDE15D54318AF013C2460F0E8B5B1A5C6484ADF0ED84F4B0B3C93130B086DA5C3BF
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):404348
                                                                                                                                                                                                                                                    Entropy (8bit):5.362527979144936
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:/Q0DA42b4XUx+SCHgfUcp9Ch48BKjbu5mrj7o2oxjm6PZqJ:YK2b40P9pchXgjbu5mrroNSJ
                                                                                                                                                                                                                                                    MD5:04A9BA7316DC81766098E238A667DE87
                                                                                                                                                                                                                                                    SHA1:24D7EB4388ECDFECADA59C6A791C754181D114DE
                                                                                                                                                                                                                                                    SHA-256:7FA148369C64BC59C2832D617357879B095357FE970BAB9E0042175C9BA7CB03
                                                                                                                                                                                                                                                    SHA-512:650856B6187DF41A50F9BED29681C19B4502DE6AF8177B47BAD0BF12E86A25E92AA728311310C28041A18E4D9F48EF66D5AD5D977B6662C44B49BFD1DA84522B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):365447
                                                                                                                                                                                                                                                    Entropy (8bit):5.471951090286899
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:U/RGRpph+2n4x6i05L9H4h+JbT/R/WiMMn5bjN43qcLQ6PQX:8R6pHnpcmzn5bjh
                                                                                                                                                                                                                                                    MD5:CCC71F88984A7788C8D01ADD2252D019
                                                                                                                                                                                                                                                    SHA1:6A87752EAC3044792A93599428F31D25DEBEA369
                                                                                                                                                                                                                                                    SHA-256:D69489A723B304E305CB1767E6C8DA5D5D1D237E50F6DDC76E941DCB01684944
                                                                                                                                                                                                                                                    SHA-512:D35CCD639F2C199862E178A9FAB768D7DB10D5A654BC3BC1FAB45D00CEB35A01119A5B4D199E2DB3C3576F512B108F4A1DF7FAF6624D961C0FC4BCA5AF5F0E07
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):591476
                                                                                                                                                                                                                                                    Entropy (8bit):5.080621083768775
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:HniDys0XVX9nuyaXTfwIDwNUWGOGfStQvjy1feKtDmrwMTAKzIxRAQiHedNu36Xp:HneM3uyaXTfwewNUWGOGfStQvjy1feKn
                                                                                                                                                                                                                                                    MD5:2E37FD4E23A1707A1ECCEA3264508DFF
                                                                                                                                                                                                                                                    SHA1:E00E58ED06584B19B18E9D28B1D52DBFC36D70F3
                                                                                                                                                                                                                                                    SHA-256:B9EE861E1BDECFFE6A197067905279EA77C180844A793F882C42F2B70541E25E
                                                                                                                                                                                                                                                    SHA-512:7C467F434EB0CE8E4A851761AE9BD7A9E292AAB48E8E653E996F8CA598D0EB5E07EC34E2B23E544F3B38439DC3B8E3F7A0DFD6A8E28169AA95CEFF42BF534366
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):374471
                                                                                                                                                                                                                                                    Entropy (8bit):5.4357475905490436
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:sMeOXrZx5SkDbhCwx+sk/bOE/BanTLLE5lJucHcEJ18OWUczfSUWcX1wR2:snAr15wRBaA5lJxHcEJ18OWUII2
                                                                                                                                                                                                                                                    MD5:21E534869B90411B4F9EA9120FFB71C8
                                                                                                                                                                                                                                                    SHA1:CC91FFBD19157189E44172392B2752C5F73984C5
                                                                                                                                                                                                                                                    SHA-256:2D337924139FFE77804D2742EDA8E58D4E548E65349F827840368E43D567810B
                                                                                                                                                                                                                                                    SHA-512:3CA3C0ADAF743F92277452B7BD82DB4CF3F347DE5568A20379D8C9364FF122713BEFD547FBD3096505EC293AE6771ADA4CD3DADAC93CC686129B9E5AACF363BD
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):419886
                                                                                                                                                                                                                                                    Entropy (8bit):5.213443304857257
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:BnI+f5Qm2xaVyEDQftIK9bSNxeFXGvZ3Omy5GzmHYFAk1s8:C+f541e+b4xy5ym8
                                                                                                                                                                                                                                                    MD5:D7DF2EA381F37D6C92E4F18290C6FFE0
                                                                                                                                                                                                                                                    SHA1:7CACF08455AA7D68259FCBA647EE3D9AE4C7C5E4
                                                                                                                                                                                                                                                    SHA-256:DB4A63FA0D5B2BABA71D4BA0923CAED540099DB6B1D024A0D48C3BE10C9EED5A
                                                                                                                                                                                                                                                    SHA-512:96FC028455F1CEA067B3A3DD99D88A19A271144D73DFF352A3E08B57338E513500925787F33495CD744FE4122DFF2D2EE56E60932FC02E04FEED2EC1E0C3533F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):436450
                                                                                                                                                                                                                                                    Entropy (8bit):5.4004782148030905
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:LKi1uIt6QuagV1ZzosmZ7MYnYV1S3Bb5MxlqE0wC5wZLljHnkH0oR5FEu64JGV7h:qVVQ515CF
                                                                                                                                                                                                                                                    MD5:3EE48A860ECF45BAFA63C9284DFD63E2
                                                                                                                                                                                                                                                    SHA1:1CB51D14964F4DCED8DEA883BF9C4B84A78F8EB6
                                                                                                                                                                                                                                                    SHA-256:1923E0EDF1EF6935A4A718E3E2FC9A0A541EA0B4F3B27553802308F9FD4FC807
                                                                                                                                                                                                                                                    SHA-512:EB6105FACA13C191FEF0C51C651A406B1DA66326BB5705615770135D834E58DEE9BED82AA36F2DFB0FE020E695C192C224EC76BB5C21A1C716E5F26DFE02F763
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):832533
                                                                                                                                                                                                                                                    Entropy (8bit):4.370164270379204
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:RqlNvTn1Pdm06M0ITsKMaWZKerbtsMhmksd4Mqz2sQmB51jvjsWnhAgfZw/g/I/f:RuN7n1VQFLFwsL5cqhgrA8
                                                                                                                                                                                                                                                    MD5:308619D65B677D99F48B74CCFE060567
                                                                                                                                                                                                                                                    SHA1:9F834DF93FD48F4FB4CA30C4058E23288CF7D35E
                                                                                                                                                                                                                                                    SHA-256:E40EE4F24839F9E20B48D057BF3216BC58542C2E27CB40B9D2F3F8A1EA5BFBB4
                                                                                                                                                                                                                                                    SHA-512:3CA84AD71F00B9F7CC61F3906C51B263F18453FCE11EC6C7F9EDFE2C7D215E3550C336E892BD240A68A6815AF599CC20D60203294F14ADB133145CA01FE4608F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):519468
                                                                                                                                                                                                                                                    Entropy (8bit):4.6902065244805256
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:iDIJk5rUp/mTLa2/ANNqOL607Af6XVjeQCapb1527oFpMbe54lmdADnwg5Qgx:7205KoM
                                                                                                                                                                                                                                                    MD5:FC84EA7DC7B9408D1EEA11BEEB72B296
                                                                                                                                                                                                                                                    SHA1:DE9118194952C2D9F614F8E0868FB273DDFAC255
                                                                                                                                                                                                                                                    SHA-256:15951767DAFA7BDBEDAC803D842686820DE9C6DF478416F34C476209B19D2D8C
                                                                                                                                                                                                                                                    SHA-512:49D13976DDDB6A58C6FDCD9588E243D705D99DC1325C1D9E411A1D68D8EE47314DFCB661D36E2C4963C249A1542F95715F658427810AFCABDF9253AA27EB3B24
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):868673
                                                                                                                                                                                                                                                    Entropy (8bit):4.359937106090665
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:FugBVdK+X9c+XdfdkhSvf4QAEm5dmGrsUt3GR3GXO7NLdYnLsBPtv83ctKOf4z8d:cuVAsc+NZB5/5MNSD
                                                                                                                                                                                                                                                    MD5:B5DFCE8E3BA0AEC2721CC1692B0AD698
                                                                                                                                                                                                                                                    SHA1:C5D6FA21A9BA3D526F3E998E3F627AFB8D1EECF3
                                                                                                                                                                                                                                                    SHA-256:B1C7FB6909C8A416B513D6DE21EEA0B5A6B13C7F0A94CABD0D9154B5834A5E8B
                                                                                                                                                                                                                                                    SHA-512:FACF0A9B81AF6BB35D0FC5E69809D5C986A2C91A166E507784BDAD115644B96697FE504B8D70D9BBB06F0C558F746C085D37E385EEF41F0A1C29729D3D97980F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):406671
                                                                                                                                                                                                                                                    Entropy (8bit):5.521226257186607
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:z9mYpq0ZkIEZgVRTJ3MOS+WG0uPXbG4TT6WI6DkYAiKbeM/wXbnWNjdmvW0IEifp:zTEgNmW/5tE7IDjG
                                                                                                                                                                                                                                                    MD5:255F808210DBF995446D10FF436E0946
                                                                                                                                                                                                                                                    SHA1:1785D3293595F0B13648FB28AEC6936C48EA3111
                                                                                                                                                                                                                                                    SHA-256:4DF972B7F6D81AA7BDC39E2441310A37F746AE5015146B4E434A878D1244375B
                                                                                                                                                                                                                                                    SHA-512:8B1A4D487B0782055717B718D58CD21E815B874E2686CDFD2087876B70AE75F9182F783C70BF747CF4CA17A3AFC68517A9DB4C99449FA09BEF658B5E68087F2A
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):437458
                                                                                                                                                                                                                                                    Entropy (8bit):5.655020135928055
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:wxEAuskhSSfm4Cky1tV5z8iZfGRzEY63aQSam7gXOeeeQi5gR7azQtGV52n5ydpS:wxLaj6V5z850+7BwQi5Rn6Z
                                                                                                                                                                                                                                                    MD5:2AA0A175DF21583A68176742400C6508
                                                                                                                                                                                                                                                    SHA1:3C25BA31C2B698E0C88E7D01B2CC241F0916E79A
                                                                                                                                                                                                                                                    SHA-256:B59F932DF822AB1A87E8AAB4BBB7C549DB15899F259F4C50AE28F8D8C7CE1E72
                                                                                                                                                                                                                                                    SHA-512:03A16FEB0601407E96BCB43AF9BDB21E5218C2700C9F3CFD5F9690D0B4528F9DC17E4CC690D8C9132D4E0B26D7FAAFD90AA3F5E57237E06FB81AAB7AB77F6C03
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):359190
                                                                                                                                                                                                                                                    Entropy (8bit):5.384547702191974
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:UINLZJl/dv1DR9S2fjDVnjHFfRmP2x1r856Rh1vtTtSLsEar:Nf7PDuAVnjHFpm+xh856RhP
                                                                                                                                                                                                                                                    MD5:B6FCD5160A3A1AE1F65B0540347A13F2
                                                                                                                                                                                                                                                    SHA1:4CF37346318EFB67908BBA7380DBAD30229C4D3D
                                                                                                                                                                                                                                                    SHA-256:7FD715914E3B0CF2048D4429F3236E0660D5BD5E61623C8FEF9B8E474C2AC313
                                                                                                                                                                                                                                                    SHA-512:A8B4A96E8F9A528B2DF3BD1251B72AB14FECCF491DD254A7C6ECBA831DFABA328ADB0FD0B4ACDDB89584F58F94B123E97CAA420F9D7B34131CC51BDBDBF3ED73
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):397402
                                                                                                                                                                                                                                                    Entropy (8bit):5.301296912236702
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:n9BKi2azctogSrqRrhsO11GT9TeLAG3XRU2gY7OfLwH+WcMgB8HryeuRNBPJX9SO:n9FTnzZY28+2vx+0e55zoI
                                                                                                                                                                                                                                                    MD5:745F16CA860EE751F70517C299C4AB0E
                                                                                                                                                                                                                                                    SHA1:54D933AD839C961DD63A47C92A5B935EEF208119
                                                                                                                                                                                                                                                    SHA-256:10E65F42CE01BA19EBF4B074E8B2456213234482EADF443DFAD6105FAF6CDE4C
                                                                                                                                                                                                                                                    SHA-512:238343D6C80B82AE900F5ABF4347E542C9EA016D75FB787B93E41E3C9C471AB33F6B4584387E5EE76950424E25486DD74B9901E7F72876960C0916C8B9CEE9A6
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):484003
                                                                                                                                                                                                                                                    Entropy (8bit):5.752575429591325
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:fznG4qRo+yixrD1r04XURrRpZd2hy/NPNQPkwRI6dIKhUNH7bbeCsy5SWbaabF/G:fzGBRo+911WlRpZd2yNp6k5AYxVk
                                                                                                                                                                                                                                                    MD5:38CD3EF9B7DFF9EFBBE086FA39541333
                                                                                                                                                                                                                                                    SHA1:321EF69A298D2F9830C14140B0B3B0B50BD95CB0
                                                                                                                                                                                                                                                    SHA-256:D8FAB5714DAFECB89B3E5FCE4C4D75D2B72893E685E148E9B60F7C096E5B3337
                                                                                                                                                                                                                                                    SHA-512:40785871032B222A758F29E0C6EC696FBE0F6F5F3274CC80085961621BEC68D7E0FB47C764649C4DD0C27C6EE02460407775FAE9D3A2A8A59362D25A39266CE0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):960888
                                                                                                                                                                                                                                                    Entropy (8bit):4.2704203524429865
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:P8nyRnHoS7yB/rt2o6i7u7b5frUb+7G+Vma:ti6X5jUA
                                                                                                                                                                                                                                                    MD5:CAAB4DEB1C40507848F9610D849834CF
                                                                                                                                                                                                                                                    SHA1:1BC87FF70817BA1E1FDD1B5CB961213418680CBE
                                                                                                                                                                                                                                                    SHA-256:7A34483E6272F9B8881F0F5A725B477540166561C75B9E7AB627815D4BE1A8A4
                                                                                                                                                                                                                                                    SHA-512:DC4B63E5A037479BB831B0771AEC0FE6EB016723BCD920B41AB87EF11505626632877073CE4E5E0755510FE19BA134A7B5899332ECEF854008B15639F915860C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):407632
                                                                                                                                                                                                                                                    Entropy (8bit):6.124197697056213
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:Md9PhJeKVoCGet8Oh2J7klCqZ5T7BKI8LtCq7hUoqAX:Md91UJc5184AX
                                                                                                                                                                                                                                                    MD5:D6194FC52E962534B360558061DE2A25
                                                                                                                                                                                                                                                    SHA1:98ED833F8C4BEAC685E55317C452249579610FF8
                                                                                                                                                                                                                                                    SHA-256:1A5884BD6665B2F404B7328DE013522EE7C41130E57A53038FC991EC38290D21
                                                                                                                                                                                                                                                    SHA-512:5207A07426C6CEB78F0504613B6D2B8DADF9F31378E67A61091F16D72287ADBC7768D1B7F2A923369197E732426D15A872C091CF88680686581D48A7F94988AB
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):439793
                                                                                                                                                                                                                                                    Entropy (8bit):5.6365541871793114
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:zXtEPi5jFX4VU4EzsnHIOBoU+1Qi7t5GkzvLdyaj+teJvxY2I96Su:CEmguHLBoUnU5TzvLWeJJG6Su
                                                                                                                                                                                                                                                    MD5:64B08FFC40A605FE74ECC24C3024EE3B
                                                                                                                                                                                                                                                    SHA1:516296E8A3114DDBF77601A11FAF4326A47975AB
                                                                                                                                                                                                                                                    SHA-256:8A5D6E29833374E0F74FD7070C1B20856CB6B42ED30D18A5F17E6C2E4A8D783E
                                                                                                                                                                                                                                                    SHA-512:05D207413186AC2B87A59681EFE4FDF9DC600D0F3E8327E7B9802A42306D80D0DDD9EE07D103B17CAF0518E42AB25B7CA9DA4713941ABC7BCED65961671164AC
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):437670
                                                                                                                                                                                                                                                    Entropy (8bit):5.638618522703661
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:TjewdtAe6tN4tVFHzmstt4Uoo3W3sb3F5hZanXnEv9AhraszLOAty6ls1V:RR/v4UVWwF5UEabns1V
                                                                                                                                                                                                                                                    MD5:A8CBD741A764F40B16AFEA275F240E7E
                                                                                                                                                                                                                                                    SHA1:317D30BBAD8FD0C30DE383998EA5BE4EEC0BB246
                                                                                                                                                                                                                                                    SHA-256:A1A9D84FD3AF571A57BE8B1A9189D40B836808998E00EC9BD15557B83D0E3086
                                                                                                                                                                                                                                                    SHA-512:3DA91C0CA20165445A2D283DB7DC749FCF73E049BFFF346B1D79B03391AEFC7F1310D3AC2C42109044CFB50AFCF178DCF3A34B4823626228E591F328DD7AFE95
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):998155
                                                                                                                                                                                                                                                    Entropy (8bit):4.3110320925732095
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:T6ALnHOE47/URV1BQMmWDcZubSAD7qcDs3eThx5D/7dZdO3cb:9Owoys3eT5D/79O3u
                                                                                                                                                                                                                                                    MD5:1C81104AC2CBF7F7739AF62EB77D20D5
                                                                                                                                                                                                                                                    SHA1:0F0D564F1860302F171356EA35B3A6306C051C10
                                                                                                                                                                                                                                                    SHA-256:66005BC01175A4F6560D1E9768DBC72B46A4198F8E435250C8EBC232D2DAC108
                                                                                                                                                                                                                                                    SHA-512:969294EAE8C95A1126803A35B8D3F1FC3C9D22350AA9CC76B2323B77AD7E84395D6D83B89DEB64565783405D6F7EAE40DEF7BDAF0D08DA67845AE9C7DBB26926
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):816652
                                                                                                                                                                                                                                                    Entropy (8bit):4.350418506868822
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:ZE7bv9/9xAvtACKjxUp0djbOXspvibMFFPMUh3RQR3KB+5lx14/H4bmHwMaZ0t4k:ZE7b1fOACsxZjAEV6yZ00VbJ5JgezP5
                                                                                                                                                                                                                                                    MD5:2CF9F07DDF7A3A70A48E8B524A5AED43
                                                                                                                                                                                                                                                    SHA1:974C1A01F651092F78D2D20553C3462267DDF4E9
                                                                                                                                                                                                                                                    SHA-256:23058C0F71D9E40F927775D980524D866F70322E0EF215AA5748C239707451E7
                                                                                                                                                                                                                                                    SHA-512:0B21570DEEFA41DEFC3C25C57B3171635BCB5593761D48A8116888CE8BE34C1499FF79C7A3EBBE13B5A565C90027D294C6835E92E6254D582A86750640FE90F2
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):374453
                                                                                                                                                                                                                                                    Entropy (8bit):5.272284824619555
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:DZ/AO2kUDrt2MBrIxFQJulcul5WkS/PSOW5soNY3MMyvek:DZ/ApkUDrt2MOxSIl51kP05RYcMA
                                                                                                                                                                                                                                                    MD5:AEE105366A1870B9D10F0F897E9295DB
                                                                                                                                                                                                                                                    SHA1:EEE9D789A8EEAFE593CE77A7C554F92A26A2296F
                                                                                                                                                                                                                                                    SHA-256:C6471AEE5F34F31477D57F593B09CB1DE87F5FD0F9B5E63D8BAB4986CF10D939
                                                                                                                                                                                                                                                    SHA-512:240688A0054BFEBE36EA2B056194EE07E87BBBEB7E385131C73A64AA7967984610FCB80638DD883837014F9BC920037069D0655E3E92A5922F76813AEDB185FA
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):367614
                                                                                                                                                                                                                                                    Entropy (8bit):5.435724855090923
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:TAJxNH0uqnIhgFYMqOp7fwcbgtmX07Sgzuu5Dn4XYnOGrr:ExdfqnPFYMqOp7fwcwSgB5Dn4LGrr
                                                                                                                                                                                                                                                    MD5:55D5AD4EACB12824CFCD89470664C856
                                                                                                                                                                                                                                                    SHA1:F893C00D8D4FDB2F3E7A74A8BE823E5E8F0CD673
                                                                                                                                                                                                                                                    SHA-256:4F44789A2C38EDC396A31ABA5CC09D20FB84CD1E06F70C49F0664289C33CD261
                                                                                                                                                                                                                                                    SHA-512:555D87BE8C97F466C6B3E7B23EC0210335846398C33DBA71E926FF7E26901A3908DBB0F639C93DB2D090C9D8BDA48EDDF196B1A09794D0E396B2C02B4720F37E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):379453
                                                                                                                                                                                                                                                    Entropy (8bit):5.379227569652463
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:KcJ9Smne7gqDO5EQHzpamU3D+qn7Cv5qPxOGpLMsLPW:Km9nCgqDO5ELrOv5qPxOGpLM+PW
                                                                                                                                                                                                                                                    MD5:0F04BAC280035FAB018F634BCB5F53AE
                                                                                                                                                                                                                                                    SHA1:4CAD76EAECD924B12013E98C3A0E99B192BE8936
                                                                                                                                                                                                                                                    SHA-256:BE254BCDA4DBE167CB2E57402A4A0A814D591807C675302D2CE286013B40799B
                                                                                                                                                                                                                                                    SHA-512:1256A6ACAC5A42621CB59EB3DA42DDEEACFE290F6AE4A92D00EBD4450A8B7CCB6F0CD5C21CF0F18FE4D43D0D7AEE87B6991FEF154908792930295A3871FA53DF
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):422325
                                                                                                                                                                                                                                                    Entropy (8bit):5.774687126444438
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:roj98jy/jojSoM/Z+Xgv3iWhbhvPeCUdxUwVTmNF1Qhjhd5UR405Y:ryMV+1Qhb5IY
                                                                                                                                                                                                                                                    MD5:F1D48A7DCD4880A27E39B7561B6EB0AB
                                                                                                                                                                                                                                                    SHA1:353C3BA213CD2E1F7423C6BA857A8D8BE40D8302
                                                                                                                                                                                                                                                    SHA-256:2593C8B59849FBC690CBD513F06685EA3292CD0187FCF6B9069CBF3C9B0E8A85
                                                                                                                                                                                                                                                    SHA-512:132DA2D3C1A4DAD5CCB399B107D7B6D9203A4B264EF8A65ADD11C5E8C75859115443E1C65ECE2E690C046A82687829F54EC855F99D4843F859AB1DD7C71F35A5
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):399250
                                                                                                                                                                                                                                                    Entropy (8bit):5.432001310431886
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:oNssFqCoNBXBL3sNA65VyS15LqJVlLUoR1peV:oNssFqIF5uJH4oR/g
                                                                                                                                                                                                                                                    MD5:8E931FFBDED8933891FB27D2CCA7F37D
                                                                                                                                                                                                                                                    SHA1:AB0A49B86079D3E0EB9B684CA36EB98D1D1FD473
                                                                                                                                                                                                                                                    SHA-256:6632BD12F04A5385012B5CDEBE8C0DAD4A06750DC91C974264D8FE60E8B6951D
                                                                                                                                                                                                                                                    SHA-512:CF0F6485A65C13CF5DDD6457D34CDEA222708B0BB5CA57034ED2C4900FD22765385547AF2E2391E78F02DCF00B7A2B3AC42A3509DD4237581CFB87B8F389E48D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):400379
                                                                                                                                                                                                                                                    Entropy (8bit):5.412017917472705
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:dqPhA4zslBWfIw2ieJVJJxhmOcXLFIUK5IKM4RV6X:EJolB/2bfK5IKM4RG
                                                                                                                                                                                                                                                    MD5:B4954B064E3F6A9BA546DDA5FA625927
                                                                                                                                                                                                                                                    SHA1:584686C6026518932991F7DE611E2266D8523F9D
                                                                                                                                                                                                                                                    SHA-256:EE1E014550B85E3D18FB5128984A713D9F6DE2258001B50DDD18391E7307B4A1
                                                                                                                                                                                                                                                    SHA-512:CB3B465B311F83B972ECA1C66862B2C5D6EA6AC15282E0094AEA455123DDF32E85DF24A94A0AEDBE1B925FF3ED005BA1E00D5EE820676D7A5A366153ADE90EF7
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):412797
                                                                                                                                                                                                                                                    Entropy (8bit):5.469387509353947
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:Lsg4/xnSFcFG1Y6vFEsif5QB0o1s21/oulzr:Lt7FcFG1Y6vesif5QKob/dr
                                                                                                                                                                                                                                                    MD5:D2758F6ADBAEEA7CD5D95F4AD6DDE954
                                                                                                                                                                                                                                                    SHA1:D7476DB23D8B0E11BBABF6A59FDE7609586BDC8A
                                                                                                                                                                                                                                                    SHA-256:2B7906F33BFBE8E9968BCD65366E2E996CDF2F3E1A1FC56AD54BAF261C66954C
                                                                                                                                                                                                                                                    SHA-512:8378032D6FEBEA8B5047ADA667CB19E6A41F890CB36305ACC2500662B4377CAEF3DC50987C925E05F21C12E32C3920188A58EE59D687266D70B8BFB1B0169A6E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):672991
                                                                                                                                                                                                                                                    Entropy (8bit):4.887128747074479
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:xkFzEroY5eXN2hHO3j/jHXzvMBJJWkKce8P/XzFGGJn/aZ/LNUFC0WGWajfG1UpM:xUQMi5y6d4
                                                                                                                                                                                                                                                    MD5:2885BDE990EE3B30F2C54A4067421B68
                                                                                                                                                                                                                                                    SHA1:AE16C4D534B120FDD68D33C091A0EC89FD58793F
                                                                                                                                                                                                                                                    SHA-256:9FCDA0D1FAB7FFF7E2F27980DE8D94FF31E14287F58BD5D35929DE5DD9CBCDCA
                                                                                                                                                                                                                                                    SHA-512:F7781F5C07FBF128399B88245F35055964FF0CDE1CC6B35563ABC64F520971CE9916827097CA18855B46EC6397639F5416A6E8386A9390AFBA4332D47D21693F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):426178
                                                                                                                                                                                                                                                    Entropy (8bit):5.821396103086126
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:M43lA0ct/muNypigJ4BOn5aHSL9aQCqoLWGL:91cgsypipBI5aHSL9aQCDLd
                                                                                                                                                                                                                                                    MD5:B7E97CC98B104053E5F1D6A671C703B7
                                                                                                                                                                                                                                                    SHA1:0F7293F1744AE2CD858EB3431EE016641478AE7D
                                                                                                                                                                                                                                                    SHA-256:B0D38869275D9D295E42B0B90D0177E0CA56A393874E4BB454439B8CE25D686F
                                                                                                                                                                                                                                                    SHA-512:EF3247C6F0F4065A4B68DB6BF7E28C8101A9C6C791B3F771ED67B5B70F2C9689CEC67A1C864F423382C076E4CBB6019C1C0CB9AD0204454E28F749A69B6B0DE0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):411437
                                                                                                                                                                                                                                                    Entropy (8bit):5.49350335324308
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:tnerKYjnS4fhmi0i2iiBnnbANjbnPMum4ocyxPbPD/yu0zrVftjQLc35BdFPcNpU:lEjnSn1iHd35vtcqO+i/fz50qg
                                                                                                                                                                                                                                                    MD5:CA763E801DE642E4D68510900FF6FABB
                                                                                                                                                                                                                                                    SHA1:C32A871831CE486514F621B3AB09387548EE1CFF
                                                                                                                                                                                                                                                    SHA-256:340E0BABE5FDDBFDA601C747127251CF111DD7D79D0D6A5EC4E8443B835027DE
                                                                                                                                                                                                                                                    SHA-512:E2847CE75DE57DEB05528DD9557047EDCD15D86BF40A911EB97E988A8FDBDA1CD0E0A81320EADF510C91C826499A897C770C007DE936927DF7A1CC82FA262039
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):630964
                                                                                                                                                                                                                                                    Entropy (8bit):4.810757945626649
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:H0JfhK5lIRIS151RHexYzs+DN5W9xTvvWF37sQ/k/k/i:y5V9dN5Oxjn
                                                                                                                                                                                                                                                    MD5:C68C235D8E696C098CF66191E648196B
                                                                                                                                                                                                                                                    SHA1:5C967FBBD90403A755D6C4B2411E359884DC8317
                                                                                                                                                                                                                                                    SHA-256:AB96A18177AF90495E2E3C96292638A775AA75C1D210CA6A6C18FBC284CD815B
                                                                                                                                                                                                                                                    SHA-512:34D14D8CB851DF1EA8CD3CC7E9690EAF965D8941CFCAC1C946606115AD889630156C5FF47011B27C1288F8DF70E8A7DC41909A9FA98D75B691742EC1D1A5E653
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):370331
                                                                                                                                                                                                                                                    Entropy (8bit):5.550902354924257
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:A3J7MHJrRRcAjowQx+ByxN6dn4bLXvu9M7SOVDE/xUDv6o5WI5ggbN:G7EHl9BdU5X5x
                                                                                                                                                                                                                                                    MD5:272F8A8B517C7283EAB83BA6993EEA63
                                                                                                                                                                                                                                                    SHA1:AD4175331B948BD4F1F323A4938863472D9B700C
                                                                                                                                                                                                                                                    SHA-256:D15B46BC9B5E31449B11251DF19CD2BA4920C759BD6D4FA8CA93FD3361FDD968
                                                                                                                                                                                                                                                    SHA-512:3A0930B7F228A779F727EBFB6AE8820AB5CC2C9E04C986BCE7B0F49F9BF124F349248ECDF108EDF8870F96B06D58DEA93A3E0E2F2DA90537632F2109E1AA65F0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):388458
                                                                                                                                                                                                                                                    Entropy (8bit):5.356168167447509
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:24pV6wBz58kN6vhq//3UZFBIzDWs8ADjLKrYNguA/h5aS0DwV+ChZYeeq0e1k4H5:24bVd5B/3U/BLs8kMKguA/h5N1hZY+0u
                                                                                                                                                                                                                                                    MD5:67A443A5C2EAAD32625EDB5F8DEB7852
                                                                                                                                                                                                                                                    SHA1:A6137841E8E7736C5EDE1D0DC0CE3A44DC41013F
                                                                                                                                                                                                                                                    SHA-256:41DFB772AE4C6F9E879BF7B4FA776B2877A2F8740FA747031B3D6F57F34D81DD
                                                                                                                                                                                                                                                    SHA-512:E0FDFF1C3C834D8AF8634F43C2F16BA5B883A8D88DFD322593A13830047568FAF9F41D0BF73CD59E2E33C38FA58998D4702D2B0C21666717A86945D18B3F29E5
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):987188
                                                                                                                                                                                                                                                    Entropy (8bit):4.090571010189695
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:S3YCY5ynH4ASpuCkCxSiP84Gb/v5nB7zztROcA2P:SnVUdQO84Gb/v55zztROcA2P
                                                                                                                                                                                                                                                    MD5:18EC8FF3C0701A6A8C48F341D368BAB5
                                                                                                                                                                                                                                                    SHA1:8BFF8AEE26B990CF739A29F83EFDF883817E59D8
                                                                                                                                                                                                                                                    SHA-256:052BCDB64A80E504BB6552B97881526795B64E0AB7EE5FC031F3EDF87160DEE9
                                                                                                                                                                                                                                                    SHA-512:A0E997FC9D316277DE3F4773388835C287AB1A35770C01E376FB7428FF87683A425F6A6A605D38DD7904CA39C50998CD85F855CB33AE6ABAD47AC85A1584FE4E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):916416
                                                                                                                                                                                                                                                    Entropy (8bit):4.338166638560127
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:iy/yX8OsABW3p1F9SviTlwJAg5NFO1Tr/p54JAQvfEC28+58XoX0DTq9OyU+0Ak1:vu8OkDY5YMZb
                                                                                                                                                                                                                                                    MD5:A17F16D7A038B0FA3A87D7B1B8095766
                                                                                                                                                                                                                                                    SHA1:B2F845E52B32C513E6565248F91901AB6874E117
                                                                                                                                                                                                                                                    SHA-256:D39716633228A5872630522306F89AF8585F8092779892087C3F1230D21A489E
                                                                                                                                                                                                                                                    SHA-512:371FB44B20B8ABA00C4D6F17701FA4303181AD628F60C7B4218E33BE7026F118F619D66D679BFFCB0213C48700FAFD36B2E704499A362F715F63EA9A75D719E7
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):771431
                                                                                                                                                                                                                                                    Entropy (8bit):4.388714549432334
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:5ZY31Mkgs3s5UvfZLRflsjj8FCG1LDoAGkEeuLAD57Kle9d8nyj9FR3o09XAyFHa:57yU5K54
                                                                                                                                                                                                                                                    MD5:A32BA63FEEED9B91F6D6800B51E5AEAE
                                                                                                                                                                                                                                                    SHA1:2FBF6783996E8315A4FB94B7D859564350EE5918
                                                                                                                                                                                                                                                    SHA-256:E32E37CA0AB30F1816FE6DF37E3168E1022F1D3737C94F5472AB6600D97A45F6
                                                                                                                                                                                                                                                    SHA-512:ADEBDE0F929820D8368096A9C30961BA7B33815B0F124CA56CA05767BA6D081ADF964088CB2B9FCAA07F756B946FFFA701F0B64B07D457C99FD2B498CBD1E8A5
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):395016
                                                                                                                                                                                                                                                    Entropy (8bit):5.625100269002306
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:xxl+G2KPlJi+kKD80GlTgAI7WTge95j/0+Vi1havX9vwiBrVmI:rlt2IlrRn57m5j/1
                                                                                                                                                                                                                                                    MD5:5FF2E5C95067A339E3D6B8985156EC1F
                                                                                                                                                                                                                                                    SHA1:7525B25C7B07F54B63B6459A0D8C8C720BD8A398
                                                                                                                                                                                                                                                    SHA-256:14A131BA318274CF10DE533A19776DB288F08A294CF7E564B7769FD41C7F2582
                                                                                                                                                                                                                                                    SHA-512:2414386DF8D7AB75DCBD6CA2B9AE62BA8E953DDB8CD8661A9F984EB5E573637740C7A79050B2B303AF3D5B1D4D1BB21DC658283638718FDD04FC6E5891949D1B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):673547
                                                                                                                                                                                                                                                    Entropy (8bit):4.9167574403691825
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:Yoff7plonpyOKtPXiNcnZx75kB3IjE8EmLvLNiXEJq//GW:YoffaXMd59E7
                                                                                                                                                                                                                                                    MD5:361A0E1F665B9082A457D36209B92A25
                                                                                                                                                                                                                                                    SHA1:3C89E1B70B51820BB6BAA64365C64DA6A9898E2F
                                                                                                                                                                                                                                                    SHA-256:BD02966F6C6258B66EAE7FF014710925E53FE26E8254D7DB4E9147266025CC3A
                                                                                                                                                                                                                                                    SHA-512:D4D25FC58053F8CCE4C073846706DC1ECBC0DC19308BA35501E19676F3E7ED855D7B57AE22A5637F81CEFC1AA032BF8770D0737DF1924F3504813349387C08CF
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):585532
                                                                                                                                                                                                                                                    Entropy (8bit):5.197200392190567
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:UA3OsGF8Pz0WEJytlkA+7Z5QzUExbW7DQQYrhu6co/9NjjFpvJK:UAe3A85oWB
                                                                                                                                                                                                                                                    MD5:1CA4FA13BD0089D65DA7CD2376FEB4C6
                                                                                                                                                                                                                                                    SHA1:B1BA777E635D78D1E98E43E82D0F7A3DD7E97F9C
                                                                                                                                                                                                                                                    SHA-256:3941364D0278E2C4D686FAA4A135D16A457B4BC98C5A08E62AA12F3ADC09AA7F
                                                                                                                                                                                                                                                    SHA-512:D0D9EB1AA029BD4C34953EE5F4B60C09CF1D4F0B21C061DB4EDE1B5EC65D7A07FC2F780ADE5CE51F2F781D272AC32257B95EEDF471F7295BA70B5BA51DB6C51D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):466098
                                                                                                                                                                                                                                                    Entropy (8bit):5.819101554769623
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:3CwEs5kAfnzs0ACmwSxXwzIJWl+58Qagi7+URTJziV53f:3qOFfnzs0AHwSGz5A5rri7+UtliV53f
                                                                                                                                                                                                                                                    MD5:DB0EB3183007DE5AAE10F934FFFACC59
                                                                                                                                                                                                                                                    SHA1:E9EA7AEFFE2B3F5CF75AB78630DA342C6F8B7FD9
                                                                                                                                                                                                                                                    SHA-256:DDABB225B671B989789E9C2CCD1B5A8F22141A7D9364D4E6EE9B8648305E7897
                                                                                                                                                                                                                                                    SHA-512:703EFD12FCACE8172C873006161712DE1919572C58D98B11DE7834C5628444229F5143D231C41DA5B9CF729E32DE58DEE3603CB3D18C6CDD94AA9AA36FBF5DE0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):340874
                                                                                                                                                                                                                                                    Entropy (8bit):6.70707570391969
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:fmLpS8IeOL27M807pnCKjEWkE0G5xNlEPeVplD:fmLQmK2I1nCKjEjG5xNlEPe
                                                                                                                                                                                                                                                    MD5:82326E465E3015C64CA1DB77DC6A56BC
                                                                                                                                                                                                                                                    SHA1:E8ABE12A8DD2CC741B9637FA8F0E646043BBFE3D
                                                                                                                                                                                                                                                    SHA-256:6655FD9DCDFAF2ABF814FFB6C524D67495AED4D923A69924C65ABEAB30BC74FB
                                                                                                                                                                                                                                                    SHA-512:4989789C0B2439666DDA4C4F959DFFC0DDCB77595B1F817C13A95ED97619C270151597160320B3F2327A7DAFFC8B521B68878F9E5E5FB3870EB0C43619060407
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):338121
                                                                                                                                                                                                                                                    Entropy (8bit):6.721086394879431
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:zQmZEIQee2hZuwv+2440f5lHz8wMCM/9ylTN:cvIpn+2440f5lHzgT/C
                                                                                                                                                                                                                                                    MD5:2456BF42275F15E016689DA166DF9008
                                                                                                                                                                                                                                                    SHA1:70F7DE47E585DFEA3F5597B5BBA1F436510DECD7
                                                                                                                                                                                                                                                    SHA-256:ADF8DF051B55507E5A79FA47AE88C7F38707D02DFAC0CC4A3A7E8E17B58C6479
                                                                                                                                                                                                                                                    SHA-512:7E622AFA15C70785AAF7C19604D281EFE0984F621D6599058C97C19D3C0379B2EE2E03B3A7EC597040A4EEE250A782D7EC55C335274DD7DB7C7CA97DDCFD378A
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5430320
                                                                                                                                                                                                                                                    Entropy (8bit):7.995406820581218
                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                    SSDEEP:98304:/Zgm9tHEEIcjWbEvKfwa2sEJFz993CNh1QeHQF5qrwrw5z0uxRRrY2kuDYj9ds:RgAtkEx4EKfatyNhHwFkkrw5IcRRtkFs
                                                                                                                                                                                                                                                    MD5:7971A016AED2FB453C87EB1B8E3F5EB2
                                                                                                                                                                                                                                                    SHA1:92B91E352BE8209FADCF081134334DEA147E23B8
                                                                                                                                                                                                                                                    SHA-256:9CFD5D29CDE3DE2F042E5E1DA629743A7C95C1211E1B0B001E4EEBC0F0741E06
                                                                                                                                                                                                                                                    SHA-512:42082AC0C033655F2EDAE876425A320D96CDAEE6423B85449032C63FC0F7D30914AA3531E65428451C07912265B85F5FEE2ED0BBDB362994D3A1FA7B14186013
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):33320957
                                                                                                                                                                                                                                                    Entropy (8bit):6.361797611132365
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:196608:0K0V3rXjcovQ07qq+EDu2g1G5psKI4ne1Jpgjrnqd3cCUeo88H88D888HjtkEyBz:ErXoovhW/EDBeKIYeZ+ud+
                                                                                                                                                                                                                                                    MD5:6D513BC85BE867C001A77D1DC2913952
                                                                                                                                                                                                                                                    SHA1:BF910AABE8A750C0B34AED134E27ACBCC65A35F5
                                                                                                                                                                                                                                                    SHA-256:147B789ED9537EE80A7F73199DEFFEAC3F0546B6DC6722A92D8AB812C67F1247
                                                                                                                                                                                                                                                    SHA-512:6AF7FAF800B6D5077C3E4D5182C245E6C0D79A22414C90A2A11CE09EAAB4119219B600F13CBFFF09A7E598CA196A1305AE99D3CC4FAC321222EB8A486A8508D2
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:....P...L...H...{"files":{"196b109f79670e11.js":{"size":2279873,"integrity":{"algorithm":"SHA256","hash":"1f74cfb89a99c40fc17fa85ba2f1db584e64dabd5ae85fc228cf60857741a2f5","blockSize":4194304,"blocks":["1f74cfb89a99c40fc17fa85ba2f1db584e64dabd5ae85fc228cf60857741a2f5"]},"offset":"0"},"package.json":{"size":576,"integrity":{"algorithm":"SHA256","hash":"bd12377370f62b5bf16e03766b69ac68c21c799713dd71c5ef612e45a1393693","blockSize":4194304,"blocks":["bd12377370f62b5bf16e03766b69ac68c21c799713dd71c5ef612e45a1393693"]},"offset":"2279873"},"node_modules":{"files":{"@isaacs":{"files":{"cliui":{"files":{"LICENSE.txt":{"size":731,"integrity":{"algorithm":"SHA256","hash":"2dc0465729366c3a7890dfa9e972a1ba7048a26c02116fb8b419a6a1ac110149","blockSize":4194304,"blocks":["2dc0465729366c3a7890dfa9e972a1ba7048a26c02116fb8b419a6a1ac110149"]},"offset":"7988439"},"index.mjs":{"size":299,"integrity":{"algorithm":"SHA256","hash":"b75d22297e1bd8992f86218f1749435d05921d2d765697e46a43f680b2edc859","blockSize":4
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):107520
                                                                                                                                                                                                                                                    Entropy (8bit):6.442687067441468
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                    MD5:792B92C8AD13C46F27C7CED0810694DF
                                                                                                                                                                                                                                                    SHA1:D8D449B92DE20A57DF722DF46435BA4553ECC802
                                                                                                                                                                                                                                                    SHA-256:9B1FBF0C11C520AE714AF8AA9AF12CFD48503EEDECD7398D8992EE94D1B4DC37
                                                                                                                                                                                                                                                    SHA-512:6C247254DC18ED81213A978CCE2E321D6692848C64307097D2C43432A42F4F4F6D3CF22FB92610DFA8B7B16A5F1D94E9017CF64F88F2D08E79C0FE71A9121E40
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):162352
                                                                                                                                                                                                                                                    Entropy (8bit):4.860588090157433
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                    MD5:8FEF5A96DBCC46887C3FF392CBDB1B48
                                                                                                                                                                                                                                                    SHA1:ED592D75222B7828B7B7AAB97B83516F60772351
                                                                                                                                                                                                                                                    SHA-256:4DE0F720C416776423ADD7ADA621DA95D0D188D574F08E36E822AD10D85C3ECE
                                                                                                                                                                                                                                                    SHA-512:E52C7820C69863ECC1E3B552B7F20DA2AD5492B52CAC97502152EBFF45E7A45B00E6925679FD7477CDC79C68B081D6572EEED7AED773416D42C9200ACCC7230E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):476792
                                                                                                                                                                                                                                                    Entropy (8bit):5.595608653079527
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                    MD5:A373D83D4C43BA957693AD57172A251B
                                                                                                                                                                                                                                                    SHA1:8E0FDB714DF2F4CB058BEB46C06AA78F77E5FF86
                                                                                                                                                                                                                                                    SHA-256:43B58CA4057CF75063D3B4A8E67AA9780D9A81D3A21F13C64B498BE8B3BA6E0C
                                                                                                                                                                                                                                                    SHA-512:07FBD84DC3E0EC1536CCB54D5799D5ED61B962251ECE0D48E18B20B0FC9DD92DE06E93957F3EFC7D9BED88DB7794FE4F2BEC1E9B081825E41C6AC3B4F41EAB18
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5209088
                                                                                                                                                                                                                                                    Entropy (8bit):6.329767466271418
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                    MD5:A0845E0774702DA9550222AB1B4FDED7
                                                                                                                                                                                                                                                    SHA1:65D5BD6C64090F0774FD0A4C9B215A868B48E19B
                                                                                                                                                                                                                                                    SHA-256:6150A413EBE00F92F38737BDCCF493D19921EF6329FCD48E53DE9DBDE4780810
                                                                                                                                                                                                                                                    SHA-512:4BE0CB1E3C942A1695BAE7B45D21C5F70E407132ECC65EFB5B085A50CDAB3C33C26E90BD7C86198EC40FB2B18D026474B6C649776A3CA2CA5BFF6F922DE2319B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):106
                                                                                                                                                                                                                                                    Entropy (8bit):4.724752649036734
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                    MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                                                                                                    SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                                                                                                    SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                                                                                                    SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):920576
                                                                                                                                                                                                                                                    Entropy (8bit):6.556557427650666
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                    MD5:0E4E0F481B261EA59F196E5076025F77
                                                                                                                                                                                                                                                    SHA1:C73C1F33B5B42E9D67D819226DB69E60D2262D7B
                                                                                                                                                                                                                                                    SHA-256:F681844896C084D2140AC210A974D8DB099138FE75EDB4DF80E233D4B287196A
                                                                                                                                                                                                                                                    SHA-512:E6127D778EC73ACBEB182D42E5CF36C8DA76448FBDAB49971DE88EC4EB13CE63140A2A83FC3A1B116E41F87508FF546C0D7C042B8F4CDD9E07963801F3156BA2
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):9216
                                                                                                                                                                                                                                                    Entropy (8bit):5.5347224014600345
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                    MD5:17309E33B596BA3A5693B4D3E85CF8D7
                                                                                                                                                                                                                                                    SHA1:7D361836CF53DF42021C7F2B148AEC9458818C01
                                                                                                                                                                                                                                                    SHA-256:996A259E53CA18B89EC36D038C40148957C978C0FD600A268497D4C92F882A93
                                                                                                                                                                                                                                                    SHA-512:1ABAC3CE4F2D5E4A635162E16CF9125E059BA1539F70086C2D71CD00D41A6E2A54D468E6F37792E55A822D7082FB388B8DFECC79B59226BBB047B7D28D44D298
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):102400
                                                                                                                                                                                                                                                    Entropy (8bit):6.729923587623207
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                    MD5:C6A6E03F77C313B267498515488C5740
                                                                                                                                                                                                                                                    SHA1:3D49FC2784B9450962ED6B82B46E9C3C957D7C15
                                                                                                                                                                                                                                                    SHA-256:B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E
                                                                                                                                                                                                                                                    SHA-512:9870C5879F7B72836805088079AD5BBAFCB59FC3D9127F2160D4EC3D6E88D3CC8EBE5A9F5D20A4720FE6407C1336EF10F33B2B9621BC587E930D4CBACF337803
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):12288
                                                                                                                                                                                                                                                    Entropy (8bit):5.719859767584478
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                    MD5:0D7AD4F45DC6F5AA87F606D0331C6901
                                                                                                                                                                                                                                                    SHA1:48DF0911F0484CBE2A8CDD5362140B63C41EE457
                                                                                                                                                                                                                                                    SHA-256:3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
                                                                                                                                                                                                                                                    SHA-512:C07DE7308CB54205E8BD703001A7FE4FD7796C9AC1B4BB330C77C872BF712B093645F40B80CE7127531FE6746A5B66E18EA073AB6A644934ABED9BB64126FEA9
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:7-zip archive data, version 0.4
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):79260688
                                                                                                                                                                                                                                                    Entropy (8bit):7.999994745298454
                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                    MD5:88AEA4DA9E9BA9EF087412E76CFAE3F4
                                                                                                                                                                                                                                                    SHA1:C16733FE7A49CAD6EAEDAE4E1B56D386AA68347E
                                                                                                                                                                                                                                                    SHA-256:28782E4DE27281363B792C9141DC094F09A20B7249DC52A54BBF95D10C468273
                                                                                                                                                                                                                                                    SHA-512:2E7537C41B9F38709776A5959E6209C7D7B13F81644E7640AEE4582D980AFC68C73F08F55CC125C40B71ECC2D9D188728754B0BAF2B77B83BF1B6C96271D6162
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6656
                                                                                                                                                                                                                                                    Entropy (8bit):5.155286976455086
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                    MD5:EC0504E6B8A11D5AAD43B296BEEB84B2
                                                                                                                                                                                                                                                    SHA1:91B5CE085130C8C7194D66B2439EC9E1C206497C
                                                                                                                                                                                                                                                    SHA-256:5D9CEB1CE5F35AEA5F9E5A0C0EDEEEC04DFEFE0C77890C80C70E98209B58B962
                                                                                                                                                                                                                                                    SHA-512:3F918F1B47E8A919CBE51EB17DC30ACC8CFC18E743A1BAE5B787D0DB7D26038DC1210BE98BF5BA3BE8D6ED896DBBD7AC3D13E66454A98B2A38C7E69DAD30BB57
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):434176
                                                                                                                                                                                                                                                    Entropy (8bit):6.584811966667578
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                    MD5:80E44CE4895304C6A3A831310FBF8CD0
                                                                                                                                                                                                                                                    SHA1:36BD49AE21C460BE5753A904B4501F1ABCA53508
                                                                                                                                                                                                                                                    SHA-256:B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592
                                                                                                                                                                                                                                                    SHA-512:C8BA7B1F9113EAD23E993E74A48C4427AE3562C1F6D9910B2BBE6806C9107CF7D94BC7D204613E4743D0CD869E00DAFD4FB54AAD1E8ADB69C553F3B9E5BC64DF
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                    File Type:Zip archive data (empty)
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):22
                                                                                                                                                                                                                                                    Entropy (8bit):1.0476747992754052
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                    MD5:76CDB2BAD9582D23C1F6F4D868218D6C
                                                                                                                                                                                                                                                    SHA1:B04F3EE8F5E43FA3B162981B50BB72FE1ACABB33
                                                                                                                                                                                                                                                    SHA-256:8739C76E681F900923B900C9DF0EF75CF421D39CABB54650C4B9AD19B6A76D85
                                                                                                                                                                                                                                                    SHA-512:5E2F959F36B66DF0580A94F384C5FC1CEEEC4B2A3925F062D7B68F21758B86581AC2ADCFDDE73A171A28496E758EF1B23CA4951C05455CDAE9357CC3B5A5825F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:PK....................
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):389
                                                                                                                                                                                                                                                    Entropy (8bit):5.634800454312943
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                    MD5:E87F5857A57A1725F5D53F87EF9B5197
                                                                                                                                                                                                                                                    SHA1:9884E5FC8172C3BBFEA5D96ECAB958F42BF21268
                                                                                                                                                                                                                                                    SHA-256:A5CB5BDC21C4385DD244DFB887166839804399BC38C39B000D956A41844A915C
                                                                                                                                                                                                                                                    SHA-512:9526F446A4129E6A9C0B4BEBB6B240E9B491CB28C9629470AD39EC197D44483451194DFE064F4D39773C6810AC39298AB997CD53B564131FA597FC5F693E3E12
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACG10QBQgWtTqhmztldrBzEAAAAAAIAAAAAABBmAAAAAQAAIAAAAFSmadP9b7lvFRP6eoNfka66P54xQR0oT5kd4yZ8hOM/AAAAAA6AAAAAAgAAIAAAAKj+1lR5yi7Y6i6/rKM55ZDuLpCdyujbBwO44U85PC0RMAAAAICOHS8hhWvpb9MAJdOyOb5dSL7luaQZK/+2ZtVGsiZTDweqXSKUdvvvuQutDo47fEAAAACqjCzNecuCVwJkZ8+O8wwQA69Hz7xvurZuPqV0mwWLIuS158irSKfjqVxhsA62NMUc7uEGU8vdVfadTtsMuZ/1"}}
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):389
                                                                                                                                                                                                                                                    Entropy (8bit):5.634800454312943
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                    MD5:E87F5857A57A1725F5D53F87EF9B5197
                                                                                                                                                                                                                                                    SHA1:9884E5FC8172C3BBFEA5D96ECAB958F42BF21268
                                                                                                                                                                                                                                                    SHA-256:A5CB5BDC21C4385DD244DFB887166839804399BC38C39B000D956A41844A915C
                                                                                                                                                                                                                                                    SHA-512:9526F446A4129E6A9C0B4BEBB6B240E9B491CB28C9629470AD39EC197D44483451194DFE064F4D39773C6810AC39298AB997CD53B564131FA597FC5F693E3E12
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACG10QBQgWtTqhmztldrBzEAAAAAAIAAAAAABBmAAAAAQAAIAAAAFSmadP9b7lvFRP6eoNfka66P54xQR0oT5kd4yZ8hOM/AAAAAA6AAAAAAgAAIAAAAKj+1lR5yi7Y6i6/rKM55ZDuLpCdyujbBwO44U85PC0RMAAAAICOHS8hhWvpb9MAJdOyOb5dSL7luaQZK/+2ZtVGsiZTDweqXSKUdvvvuQutDo47fEAAAACqjCzNecuCVwJkZ8+O8wwQA69Hz7xvurZuPqV0mwWLIuS158irSKfjqVxhsA62NMUc7uEGU8vdVfadTtsMuZ/1"}}
                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (3356)
                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                    Size (bytes):3361
                                                                                                                                                                                                                                                    Entropy (8bit):5.835718413108343
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                    MD5:685D85781B26CC9118237B0B2403D8E8
                                                                                                                                                                                                                                                    SHA1:8F7F201872F05C2D6EB7363E4C806D63FCD75436
                                                                                                                                                                                                                                                    SHA-256:D1F32D3766B457E85D2483FB8885FEB54F45951535B382B58D9B642BD304B485
                                                                                                                                                                                                                                                    SHA-512:08AE2460FA81535B7B6F01FCF97109814B92F2B78ED070FF30F0B48449F10F74673159A1D38A9A6BC29B8834CB9E0C122DF27D9A31FECDB0EFF2176EC9A9EF48
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                    Size (bytes):29
                                                                                                                                                                                                                                                    Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                    MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                    SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                    SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                    SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                    Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                    Size (bytes):134654
                                                                                                                                                                                                                                                    Entropy (8bit):5.442955976418147
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                    MD5:9AA666A69A0ECF84F77322215C17AA9C
                                                                                                                                                                                                                                                    SHA1:2D92B553F89221684EA140DFB19684B08FB575DC
                                                                                                                                                                                                                                                    SHA-256:F13D23D98E875A9748E94420360E4C62616096B37A3AA76D86F4666CDC32761B
                                                                                                                                                                                                                                                    SHA-512:875C2AC5C857B9BD2E957BF9730F2BA177AC3937DDF52AC76090AACB08EDB6837C47CA6D3629F9760B585EEA71F539117DC8129FE60343AD518D8ABBF1CB6954
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                    Entropy (8bit):7.999980549853268
                                                                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                    File name:Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    File size:79'764'652 bytes
                                                                                                                                                                                                                                                    MD5:0157b710ec82b63db471a4030979fbd3
                                                                                                                                                                                                                                                    SHA1:03e1e97522f61193836a6f2b489699ba5b087b5e
                                                                                                                                                                                                                                                    SHA256:4bcd67e69705a2aed00ecfb30e2e9f05af8a0e00d5cb787e8427d100f766ca54
                                                                                                                                                                                                                                                    SHA512:64007bef4f0f44c6b46bb858f18a330b7e9c2fcc042cbf240d37290b5b128ed17c539b3b1b78c2852499c55ac4dcd151d9fd1ed0bb55aacd2bef7c2359664f8d
                                                                                                                                                                                                                                                    SSDEEP:1572864:c44opqebwv/Ubzv9xFJgHaXOTqPLk8rDbDkkagQkpIEtrI+4IH751iPZG:c4Hlbq/UHzFJsNH8nkkagQfWrRd11UZG
                                                                                                                                                                                                                                                    TLSH:A90833D0887D9412E8841D7E9EA54BFC969A37356FF3D88AC041BD7CEEB301D071986A
                                                                                                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L......\.................h...8...@.
                                                                                                                                                                                                                                                    Icon Hash:0771ccf8d84d2907
                                                                                                                                                                                                                                                    Entrypoint:0x40338f
                                                                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                    Time Stamp:0x5C157F86 [Sat Dec 15 22:26:14 2018 UTC]
                                                                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                                                    OS Version Major:4
                                                                                                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                                                                                                    File Version Major:4
                                                                                                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                                                                                                    Subsystem Version Major:4
                                                                                                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                                                                                                    Import Hash:b34f154ec913d2d2c435cbd644e91687
                                                                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                                                                    sub esp, 000002D4h
                                                                                                                                                                                                                                                    push ebx
                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                    push edi
                                                                                                                                                                                                                                                    push 00000020h
                                                                                                                                                                                                                                                    pop edi
                                                                                                                                                                                                                                                    xor ebx, ebx
                                                                                                                                                                                                                                                    push 00008001h
                                                                                                                                                                                                                                                    mov dword ptr [esp+14h], ebx
                                                                                                                                                                                                                                                    mov dword ptr [esp+10h], 0040A2E0h
                                                                                                                                                                                                                                                    mov dword ptr [esp+1Ch], ebx
                                                                                                                                                                                                                                                    call dword ptr [004080A8h]
                                                                                                                                                                                                                                                    call dword ptr [004080A4h]
                                                                                                                                                                                                                                                    and eax, BFFFFFFFh
                                                                                                                                                                                                                                                    cmp ax, 00000006h
                                                                                                                                                                                                                                                    mov dword ptr [0047AEECh], eax
                                                                                                                                                                                                                                                    je 00007F7554C55463h
                                                                                                                                                                                                                                                    push ebx
                                                                                                                                                                                                                                                    call 00007F7554C58715h
                                                                                                                                                                                                                                                    cmp eax, ebx
                                                                                                                                                                                                                                                    je 00007F7554C55459h
                                                                                                                                                                                                                                                    push 00000C00h
                                                                                                                                                                                                                                                    call eax
                                                                                                                                                                                                                                                    mov esi, 004082B0h
                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                    call 00007F7554C5868Fh
                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                    call dword ptr [00408150h]
                                                                                                                                                                                                                                                    lea esi, dword ptr [esi+eax+01h]
                                                                                                                                                                                                                                                    cmp byte ptr [esi], 00000000h
                                                                                                                                                                                                                                                    jne 00007F7554C5543Ch
                                                                                                                                                                                                                                                    push 0000000Ah
                                                                                                                                                                                                                                                    call 00007F7554C586E8h
                                                                                                                                                                                                                                                    push 00000008h
                                                                                                                                                                                                                                                    call 00007F7554C586E1h
                                                                                                                                                                                                                                                    push 00000006h
                                                                                                                                                                                                                                                    mov dword ptr [0047AEE4h], eax
                                                                                                                                                                                                                                                    call 00007F7554C586D5h
                                                                                                                                                                                                                                                    cmp eax, ebx
                                                                                                                                                                                                                                                    je 00007F7554C55461h
                                                                                                                                                                                                                                                    push 0000001Eh
                                                                                                                                                                                                                                                    call eax
                                                                                                                                                                                                                                                    test eax, eax
                                                                                                                                                                                                                                                    je 00007F7554C55459h
                                                                                                                                                                                                                                                    or byte ptr [0047AEEFh], 00000040h
                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                    call dword ptr [00408044h]
                                                                                                                                                                                                                                                    push ebx
                                                                                                                                                                                                                                                    call dword ptr [004082A0h]
                                                                                                                                                                                                                                                    mov dword ptr [0047AFB8h], eax
                                                                                                                                                                                                                                                    push ebx
                                                                                                                                                                                                                                                    lea eax, dword ptr [esp+34h]
                                                                                                                                                                                                                                                    push 000002B4h
                                                                                                                                                                                                                                                    push eax
                                                                                                                                                                                                                                                    push ebx
                                                                                                                                                                                                                                                    push 00440208h
                                                                                                                                                                                                                                                    call dword ptr [00408188h]
                                                                                                                                                                                                                                                    push 0040A2C8h
                                                                                                                                                                                                                                                    Programming Language:
                                                                                                                                                                                                                                                    • [EXP] VC++ 6.0 SP5 build 8804
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x19f000 | 0x5968 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| .text | 0x1000 | 0x6627 | 0x6800 | 7618d4c0cd8bb67ea9595b4266b3a91f | False | 0.6646259014423077 | data | 6.450282348506287 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x14a2 | 0x1600 | eecac1fed9cc6b447d50940d178404d8 | False | 0.4405184659090909 | data | 5.025178929113415 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x70ff8 | 0x600 | db8f31a08a2242d80c29e1f9500c6527 | False | 0.5182291666666666 | data | 4.037117731448378 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x7b000 | 0x124000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x19f000 | 0x5968 | 0x5a00 | de31c045e84038aea7ef34bb9bc488a1 | False | 0.4951388888888889 | data | 5.453547846840774 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_ICON | 0x19f5c8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.7213883677298312 |
| RT_ICON | 0x1a0670 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688, 256 important colors | English | United States | 0.6751066098081023 |
| RT_ICON | 0x1a1518 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152, 256 important colors | English | United States | 0.7851985559566786 |
| RT_ICON | 0x1a1dc0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colors | English | United States | 0.6560693641618497 |
| RT_ICON | 0x1a2328 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.8031914893617021 |
| RT_ICON | 0x1a2790 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.3118279569892473 |
| RT_ICON | 0x1a2a78 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.36824324324324326 |
| RT_DIALOG | 0x1a2ba0 | 0x202 | data | English | United States | 0.4085603112840467 |
| RT_DIALOG | 0x1a2da8 | 0xf8 | data | English | United States | 0.6290322580645161 |
| RT_DIALOG | 0x1a2ea0 | 0xee | data | English | United States | 0.6260504201680672 |
| RT_DIALOG | 0x1a2f90 | 0x1fa | data | English | United States | 0.40118577075098816 |
| RT_DIALOG | 0x1a3190 | 0xf0 | data | English | United States | 0.6666666666666666 |
| RT_DIALOG | 0x1a3280 | 0xe6 | data | English | United States | 0.6565217391304348 |
| RT_DIALOG | 0x1a3368 | 0x1ee | data | English | United States | 0.38866396761133604 |
| RT_DIALOG | 0x1a3558 | 0xe4 | data | English | United States | 0.6447368421052632 |
| RT_DIALOG | 0x1a3640 | 0xda | data | English | United States | 0.6422018348623854 |
| RT_DIALOG | 0x1a3720 | 0x1ee | data | English | United States | 0.3866396761133603 |
| RT_DIALOG | 0x1a3910 | 0xe4 | data | English | United States | 0.6359649122807017 |
| RT_DIALOG | 0x1a39f8 | 0xda | data | English | United States | 0.6376146788990825 |
| RT_DIALOG | 0x1a3ad8 | 0x1f2 | data | English | United States | 0.39759036144578314 |
| RT_DIALOG | 0x1a3cd0 | 0xe8 | data | English | United States | 0.6508620689655172 |
| RT_DIALOG | 0x1a3db8 | 0xde | data | English | United States | 0.6486486486486487 |
| RT_DIALOG | 0x1a3e98 | 0x202 | data | English | United States | 0.42217898832684825 |
| RT_DIALOG | 0x1a40a0 | 0xf8 | data | English | United States | 0.6653225806451613 |
| RT_DIALOG | 0x1a4198 | 0xee | data | English | United States | 0.6512605042016807 |
| RT_GROUP_ICON | 0x1a4288 | 0x68 | data | English | United States | 0.6634615384615384 |
| RT_VERSION | 0x1a42f0 | 0x250 | data | English | United States | 0.4847972972972973 |
| RT_MANIFEST | 0x1a4540 | 0x423 | XML 1.0 document, ASCII text, with very long lines (1059), with no line terminators | English | United States | 0.5127478753541076 |
| DLL | Import |
| KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
| USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW |
| ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
| COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
| ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Language of compilation system | Country where language is spoken | Map
English | United States
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:21.926297903 CET44349768142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.070240974 CET44349765142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.070698977 CET49765443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.070707083 CET44349765142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.071656942 CET44349765142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.071825981 CET49765443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.072529078 CET49765443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.072629929 CET44349765142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.072712898 CET49765443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.114204884 CET44349765142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.127125025 CET49765443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.127131939 CET44349765142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.173863888 CET49765443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.350538969 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.351768970 CET49766443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.351783037 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.352464914 CET44349765142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.352590084 CET44349765142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.352616072 CET44349765142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.352715015 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.353080988 CET49766443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.353125095 CET49765443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.353132963 CET44349765142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.353434086 CET49765443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.353467941 CET49766443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.353534937 CET49766443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.353569031 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.354227066 CET44349765142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.354504108 CET44349765142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.354688883 CET49765443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.355042934 CET49765443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.355052948 CET44349765142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.389872074 CET44349767142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.390265942 CET49767443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.390290022 CET44349767142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.391041040 CET44349767142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.391855955 CET49767443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.391855955 CET49767443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.391855955 CET49767443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.391944885 CET44349767142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.393368959 CET44349768142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.393650055 CET49768443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.393659115 CET44349768142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.394449949 CET44349768142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.394618988 CET49768443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.394865036 CET49768443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.394952059 CET44349768142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.395570040 CET49766443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.395622015 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.442342997 CET49768443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.442348003 CET44349768142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.442419052 CET49767443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.442428112 CET44349767142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.442545891 CET49766443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.489217043 CET49768443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.489244938 CET49767443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.653040886 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.653063059 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.653258085 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.653279066 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.653420925 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.653979063 CET49766443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.653979063 CET49766443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.653979063 CET49766443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.653992891 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.661396980 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.661716938 CET49766443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.661731958 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.665965080 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.666166067 CET49766443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.666177988 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.680989981 CET44349767142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.681303978 CET44349767142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.681469917 CET49767443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.681988001 CET49767443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.682002068 CET44349767142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.709206104 CET49766443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.779211044 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.784086943 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.784099102 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.784259081 CET49766443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.784269094 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.784431934 CET49766443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.792965889 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.802125931 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.802232027 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.802299023 CET49766443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:22.802309036 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:23.080879927 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:23.080997944 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:23.081123114 CET49766443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:23.081146002 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:23.081353903 CET49766443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:23.084434032 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:23.087835073 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:23.088002920 CET49766443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:23.088011980 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:23.091496944 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:23.091511011 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:23.092267990 CET49766443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:23.092277050 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:23.092567921 CET49766443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:23.094908953 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:23.095022917 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:23.095312119 CET49766443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:23.095321894 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:23.098599911 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:23.098683119 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:23.098769903 CET49766443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:23.098886013 CET49766443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:23.098975897 CET49766443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:23.098985910 CET44349766142.251.35.228192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:23.150964975 CET49768443192.168.11.20142.251.35.228
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:25.517636061 CET52242443192.168.11.2018.173.166.7
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:25.517672062 CET4435224218.173.166.7192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:25.517831087 CET52242443192.168.11.2018.173.166.7
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:25.518052101 CET52242443192.168.11.2018.173.166.7
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:25.518085003 CET4435224218.173.166.7192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:25.782839060 CET4435224218.173.166.7192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:25.783176899 CET52242443192.168.11.2018.173.166.7
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:25.783191919 CET4435224218.173.166.7192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:25.785041094 CET4435224218.173.166.7192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:25.785382032 CET52242443192.168.11.2018.173.166.7
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:25.787013054 CET52242443192.168.11.2018.173.166.7
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:25.787205935 CET4435224218.173.166.7192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:25.837063074 CET52242443192.168.11.2018.173.166.7
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:25.837079048 CET4435224218.173.166.7192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:25.884938955 CET52242443192.168.11.2018.173.166.7
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:25.949711084 CET64506443192.168.11.20162.159.61.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:25.949738979 CET44364506162.159.61.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:25.949911118 CET64506443192.168.11.20162.159.61.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:25.951441050 CET64506443192.168.11.20162.159.61.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:25.951459885 CET44364506162.159.61.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:26.217212915 CET44364506162.159.61.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:26.217634916 CET64506443192.168.11.20162.159.61.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:26.217654943 CET44364506162.159.61.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:26.219753981 CET44364506162.159.61.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:26.220068932 CET64506443192.168.11.20162.159.61.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:26.223541021 CET64506443192.168.11.20162.159.61.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:26.223740101 CET64506443192.168.11.20162.159.61.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:26.223742962 CET44364506162.159.61.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:26.265427113 CET64506443192.168.11.20162.159.61.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:26.265446901 CET44364506162.159.61.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:26.312354088 CET64506443192.168.11.20162.159.61.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:26.500688076 CET44364506162.159.61.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:26.500718117 CET44364506162.159.61.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:26.500829935 CET64506443192.168.11.20162.159.61.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:26.501255989 CET64506443192.168.11.20162.159.61.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:26.501262903 CET44364506162.159.61.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.053544044 CET63867443192.168.11.2094.139.32.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.053584099 CET4436386794.139.32.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.053725958 CET63867443192.168.11.2094.139.32.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.053952932 CET63867443192.168.11.2094.139.32.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.053977966 CET4436386794.139.32.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.425538063 CET4436386794.139.32.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.425962925 CET63867443192.168.11.2094.139.32.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.425981998 CET4436386794.139.32.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.427855015 CET4436386794.139.32.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.428078890 CET63867443192.168.11.2094.139.32.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.428587914 CET63867443192.168.11.2094.139.32.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.428678989 CET4436386794.139.32.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.428847075 CET63867443192.168.11.2094.139.32.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.428853989 CET4436386794.139.32.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.428963900 CET63867443192.168.11.2094.139.32.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.430012941 CET63868443192.168.11.20143.244.215.221
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.430051088 CET44363868143.244.215.221192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.430181026 CET63868443192.168.11.20143.244.215.221
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.437849998 CET63868443192.168.11.20143.244.215.221
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.437874079 CET44363868143.244.215.221192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.762525082 CET44363868143.244.215.221192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.763073921 CET63868443192.168.11.20143.244.215.221
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.763103008 CET44363868143.244.215.221192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.765206099 CET44363868143.244.215.221192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.765420914 CET63868443192.168.11.20143.244.215.221
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.766122103 CET63868443192.168.11.20143.244.215.221
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.766247034 CET44363868143.244.215.221192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:27.766410112 CET63868443192.168.11.20143.244.215.221
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.682128906 CET44353426172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.682411909 CET53426443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.682437897 CET44353426172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.685348988 CET44353426172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.685564995 CET53426443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.722196102 CET59134443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.722234964 CET44359134149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.722377062 CET59134443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.722551107 CET59134443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.722572088 CET44359134149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.761244059 CET44352259149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.761605024 CET52259443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.761632919 CET44352259149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.763696909 CET44352259149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.763914108 CET52259443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.793411016 CET44359923149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.793831110 CET59923443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.793858051 CET44359923149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.795942068 CET44359923149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.796192884 CET59923443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.796220064 CET44359923149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.796562910 CET59923443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.816915035 CET52259443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.816942930 CET44352259149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.863969088 CET52259443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.880224943 CET55078443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.880287886 CET44355078172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.880426884 CET55078443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.880731106 CET55078443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.880737066 CET44355078172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.881494999 CET55079443192.168.11.2038.172.200.46
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.881531000 CET4435507938.172.200.46192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.881748915 CET55079443192.168.11.2038.172.200.46
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.890579939 CET55079443192.168.11.2038.172.200.46
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.890599012 CET4435507938.172.200.46192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.980926037 CET44359134149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.981256008 CET59134443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.981287003 CET44359134149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.983427048 CET44359134149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:29.983654022 CET59134443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.036875010 CET59134443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.036899090 CET44359134149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.085588932 CET59134443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.138906956 CET44355078172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.139417887 CET55078443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.139442921 CET44355078172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.141561985 CET44355078172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.141887903 CET55078443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.393846989 CET4435507938.172.200.46192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.394351959 CET55079443192.168.11.2038.172.200.46
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.394370079 CET4435507938.172.200.46192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.395735979 CET4435507938.172.200.46192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.395947933 CET55079443192.168.11.2038.172.200.46
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.397025108 CET55079443192.168.11.2038.172.200.46
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.397109985 CET4435507938.172.200.46192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.397228003 CET4435507938.172.200.46192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.397257090 CET55079443192.168.11.2038.172.200.46
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.397378922 CET55079443192.168.11.2038.172.200.46
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.796468019 CET55404443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.796502113 CET44355404172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.796699047 CET55404443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.796928883 CET55404443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.796946049 CET44355404172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.844000101 CET53145443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.844017029 CET44353145149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.844255924 CET53145443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.844362974 CET53145443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.844368935 CET44353145149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.892016888 CET49465443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.892026901 CET44349465149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.892211914 CET51187443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.892216921 CET44351187172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.892308950 CET49465443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.892393112 CET51187443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.892529011 CET49465443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.892533064 CET44349465149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.892625093 CET51187443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:30.892628908 CET44351187172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:31.050580978 CET61997443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:31.050605059 CET44361997149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:31.050753117 CET61997443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:31.050911903 CET61997443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:31.050926924 CET44361997149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:31.053457975 CET44355404172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:31.053822041 CET55404443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:31.053837061 CET44355404172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:31.055537939 CET44355404172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:31.055727959 CET55404443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:31.100727081 CET44353145149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.190572023 CET49206443192.168.11.20143.244.215.221
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.190612078 CET44349206143.244.215.221192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.190795898 CET49206443192.168.11.20143.244.215.221
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.190953016 CET49206443192.168.11.20143.244.215.221
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.190980911 CET44349206143.244.215.221192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.521042109 CET44349206143.244.215.221192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.521589041 CET49206443192.168.11.20143.244.215.221
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.521617889 CET44349206143.244.215.221192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.523771048 CET44349206143.244.215.221192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.524039030 CET49206443192.168.11.20143.244.215.221
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.524674892 CET49206443192.168.11.20143.244.215.221
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.524738073 CET44349206143.244.215.221192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.524924040 CET49206443192.168.11.20143.244.215.221
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.524938107 CET44349206143.244.215.221192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.525078058 CET49206443192.168.11.20143.244.215.221
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.526002884 CET49207443192.168.11.2038.172.200.46
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.526057005 CET4434920738.172.200.46192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.526235104 CET49207443192.168.11.2038.172.200.46
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.526472092 CET49207443192.168.11.2038.172.200.46
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.526500940 CET4434920738.172.200.46192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.660289049 CET63833443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.660326004 CET44363833172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.660423994 CET58684443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.660471916 CET44358684149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.660535097 CET63833443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.660602093 CET58684443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.660696983 CET63833443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.660717010 CET44363833172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.660804033 CET58684443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.660832882 CET44358684149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.834727049 CET54997443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.834762096 CET44354997172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.834970951 CET54997443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.835153103 CET54997443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.835169077 CET44354997172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.917582035 CET44363833172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.917845011 CET44358684149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.917900085 CET63833443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.917907953 CET44363833172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.918124914 CET58684443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.918138027 CET44358684149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.918911934 CET44363833172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.919061899 CET44358684149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.919127941 CET63833443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.919249058 CET58684443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.960263014 CET58684443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.960272074 CET44358684149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.960583925 CET54396443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.960601091 CET44354396149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.960772991 CET54396443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.960984945 CET54396443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:35.960994005 CET44354396149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.007261038 CET58684443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.031709909 CET4434920738.172.200.46192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.032270908 CET49207443192.168.11.2038.172.200.46
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.032285929 CET4434920738.172.200.46192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.033523083 CET4434920738.172.200.46192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.033752918 CET49207443192.168.11.2038.172.200.46
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.034394979 CET49207443192.168.11.2038.172.200.46
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.034480095 CET4434920738.172.200.46192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.034616947 CET4434920738.172.200.46192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.034656048 CET49207443192.168.11.2038.172.200.46
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.034792900 CET49207443192.168.11.2038.172.200.46
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.092593908 CET44354997172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.093071938 CET54997443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.093089104 CET44354997172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.094391108 CET54397443192.168.11.2038.172.200.46
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.094432116 CET4435439738.172.200.46192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.094590902 CET54397443192.168.11.2038.172.200.46
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.095141888 CET44354997172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.095395088 CET54397443192.168.11.2038.172.200.46
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.095417976 CET54997443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.095428944 CET4435439738.172.200.46192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.117866039 CET49862443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.117904902 CET44349862149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.118112087 CET49862443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.118336916 CET49862443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.118354082 CET44349862149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.219006062 CET44354396149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.219574928 CET54396443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.219608068 CET44354396149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.221967936 CET44354396149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.222181082 CET54396443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.222218037 CET44354396149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.222366095 CET54396443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.377110958 CET44349862149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.377885103 CET49862443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.377907038 CET44349862149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:36.380295992 CET44349862149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:44.661767960 CET44351760172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:44.661902905 CET51760443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:44.679342985 CET44353426172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:44.679478884 CET53426443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:45.135471106 CET44355078172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:45.135600090 CET55078443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:46.044186115 CET44358684149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:46.044362068 CET58684443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:46.051718950 CET44355404172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:46.051918030 CET55404443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:46.149373055 CET44351187172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:46.149615049 CET51187443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:46.344079018 CET44354396149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:46.344225883 CET54396443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:46.502633095 CET44349862149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:46.502768040 CET49862443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:46.576554060 CET44364148172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:46.576834917 CET64148443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:48.088658094 CET44359221172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:48.088753939 CET59221443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:48.120471954 CET44359678172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:48.120660067 CET59678443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:48.699060917 CET44349204172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:48.699276924 CET49204443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:50.794656992 CET44364253149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:50.794830084 CET64253443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:50.794893980 CET44357411149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:50.795027018 CET57411443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:50.915792942 CET44363833172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:50.915960073 CET63833443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:51.088002920 CET44354997172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:51.088110924 CET54997443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:51.237047911 CET44349293149.112.112.112192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:51.237190962 CET49293443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:51.986834049 CET44352034172.64.41.3192.168.11.20
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:51.986969948 CET52034443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.468131065 CET52242443192.168.11.2018.173.166.7
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.468131065 CET59221443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.468439102 CET62488443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.468466043 CET59134443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.468466043 CET59678443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515522957 CET57333443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515549898 CET53426443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515548944 CET59923443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515548944 CET52259443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515574932 CET50790443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515577078 CET63475443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515577078 CET52109443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515577078 CET63749443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515599012 CET55762443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515599012 CET51760443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515630960 CET49465443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515630960 CET51187443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515647888 CET55078443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515647888 CET55404443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515647888 CET61997443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515652895 CET57989443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515676975 CET64148443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515676022 CET53145443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515727997 CET49204443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515727997 CET54997443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515753984 CET56723443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515753984 CET54396443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515777111 CET58684443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515777111 CET52034443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515777111 CET53286443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515777111 CET56739443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515779972 CET63833443192.168.11.20172.64.41.3
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515818119 CET49293443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515825033 CET57411443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515855074 CET64253443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515876055 CET49862443192.168.11.20149.112.112.112
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:54.515876055 CET63638443192.168.11.20172.64.41.3
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                    Dec 4, 2024 06:49:28.700839043 CET53537771.1.1.1192.168.11.20
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 4, 2024 06:49:15.569401026 CET | 192.168.11.20 | 1.1.1.1 | 0x5c7a | Standard query (0) | api.gofile.io | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:49:16.082439899 CET | 192.168.11.20 | 1.1.1.1 | 0x3379 | Standard query (0) | file.io | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:49:21.472857952 CET | 192.168.11.20 | 1.1.1.1 | 0x11ca | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:49:21.473094940 CET | 192.168.11.20 | 1.1.1.1 | 0x96fc | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Dec 4, 2024 06:49:24.064276934 CET | 192.168.11.20 | 1.1.1.1 | 0x5ad8 | Standard query (0) | ntp.msn.com | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:49:25.390045881 CET | 192.168.11.20 | 1.1.1.1 | 0xb943 | Standard query (0) | sb.scorecardresearch.com | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:49:25.391323090 CET | 192.168.11.20 | 1.1.1.1 | 0xb794 | Standard query (0) | assets.msn.com | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:49:25.518052101 CET | 192.168.11.20 | 1.1.1.1 | 0xc209 | Standard query (0) | api.msn.com | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:49:25.520368099 CET | 192.168.11.20 | 1.1.1.1 | 0x56d3 | Standard query (0) | c.msn.com | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:49:25.821850061 CET | 192.168.11.20 | 1.1.1.1 | 0xe646 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:49:25.822016954 CET | 192.168.11.20 | 1.1.1.1 | 0x2962 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Dec 4, 2024 06:49:28.573992968 CET | 192.168.11.20 | 1.1.1.1 | 0xecc9 | Standard query (0) | dns.quad9.net | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:49:28.573992968 CET | 192.168.11.20 | 1.1.1.1 | 0x2ba3 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 4, 2024 06:49:15.696646929 CET | 1.1.1.1 | 192.168.11.20 | 0x5c7a | No error (0) | api.gofile.io | | 94.139.32.3 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:49:16.209273100 CET | 1.1.1.1 | 192.168.11.20 | 0x3379 | No error (0) | file.io | | 143.244.215.221 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:49:21.599822998 CET | 1.1.1.1 | 192.168.11.20 | 0x11ca | No error (0) | www.google.com | | 142.251.35.228 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:49:21.599834919 CET | 1.1.1.1 | 192.168.11.20 | 0x96fc | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Dec 4, 2024 06:49:24.190845013 CET | 1.1.1.1 | 192.168.11.20 | 0x5ad8 | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 4, 2024 06:49:25.516763926 CET | 1.1.1.1 | 192.168.11.20 | 0xb943 | No error (0) | sb.scorecardresearch.com | | 18.173.166.7 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:49:25.516763926 CET | 1.1.1.1 | 192.168.11.20 | 0xb943 | No error (0) | sb.scorecardresearch.com | | 18.173.166.42 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:49:25.516763926 CET | 1.1.1.1 | 192.168.11.20 | 0xb943 | No error (0) | sb.scorecardresearch.com | | 18.173.166.78 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:49:25.516763926 CET | 1.1.1.1 | 192.168.11.20 | 0xb943 | No error (0) | sb.scorecardresearch.com | | 18.173.166.9 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:49:25.518892050 CET | 1.1.1.1 | 192.168.11.20 | 0xb794 | No error (0) | assets.msn.com | assets.msn.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 4, 2024 06:49:25.645160913 CET | 1.1.1.1 | 192.168.11.20 | 0xc209 | No error (0) | api.msn.com | api-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 4, 2024 06:49:25.646975040 CET | 1.1.1.1 | 192.168.11.20 | 0x56d3 | No error (0) | c.msn.com | c-msn-com-nsatc.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 4, 2024 06:49:25.948292971 CET | 1.1.1.1 | 192.168.11.20 | 0xe646 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:49:25.948292971 CET | 1.1.1.1 | 192.168.11.20 | 0xe646 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:49:25.949045897 CET | 1.1.1.1 | 192.168.11.20 | 0x2962 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
Dec 4, 2024 06:49:28.700587988 CET | 1.1.1.1 | 192.168.11.20 | 0x2ba3 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:49:28.700587988 CET | 1.1.1.1 | 192.168.11.20 | 0x2ba3 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:49:28.700839043 CET | 1.1.1.1 | 192.168.11.20 | 0xecc9 | No error (0) | dns.quad9.net | | 149.112.112.112 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:49:28.700839043 CET | 1.1.1.1 | 192.168.11.20 | 0xecc9 | No error (0) | dns.quad9.net | | 9.9.9.9 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                    • www.google.com
                                                                                                                                                                                                                                                    • chrome.cloudflare-dns.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49765 | 142.251.35.228 | 443 | 7440 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-04 05:49:22 UTC | 815 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                    X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEIrJ7OAQiJo84BCOSvzgEIw7bOAQi9uc4BCO28zgEIu73OAQjWvc4BCMy/zgEYwcvMARi9rs4BGJ2xzgE=
                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br, zstd
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                    Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
2024-12-04 05:49:22 UTC | 1367 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Date: Wed, 04 Dec 2024 05:49:22 GMT
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Expires: -1
                                                                                                                                                                                                                                                    Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                    Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                    Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-i-UJCat8HOiGtlB-FM7P5w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                    Accept-CH: Save-Data
                                                                                                                                                                                                                                                    Accept-CH: Downlink
                                                                                                                                                                                                                                                    Accept-CH: ECT
                                                                                                                                                                                                                                                    Accept-CH: RTT
                                                                                                                                                                                                                                                    Accept-CH: Device-Memory
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                    Permissions-Policy: unload=()
                                                                                                                                                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                    Server: gws
                                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                    Accept-Ranges: none
                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                    Data Ascii: 5dNWdzX3NzcD1lSnpqNHREUDFUZXdMREEwTVdEMDRzbk5TVkpJU2l4T1RVck15UUVBVUhrSE5BcAdwFw\u003d\u003d","
                                                                                                                                                                                                                                                    2024-12-04 05:49:22 UTC357INData Raw: 31 35 65 0d 0a 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 72 65 6c 65 76 61 6e 63 65 22 3a 5b 31 32 35 37 2c 31 32 35 36 2c 31 32 35 35 2c 31 32 35 34 2c 31 32 35 33 2c 31 32 35 32 2c 31 32 35 31 2c 31 32 35 30 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 73 75 62 74 79 70 65 73 22 3a 5b 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33
                                                                                                                                                                                                                                                    Data Ascii: 15ezl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143
                                                                                                                                                                                                                                                    2024-12-04 05:49:22 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 49766 | 142.251.35.228 | 443 | 7440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-04 05:49:22 UTC | 718 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                    X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEIrJ7OAQiJo84BCOSvzgEIw7bOAQi9uc4BCO28zgEIu73OAQjWvc4BCMy/zgEYwcvMARi9rs4BGJ2xzgE=
                                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br, zstd
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                    Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
2024-12-04 05:49:22 UTC | 1119 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Version: 700238841
                                                                                                                                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                    Accept-CH: Save-Data
                                                                                                                                                                                                                                                    Accept-CH: Downlink
                                                                                                                                                                                                                                                    Accept-CH: ECT
                                                                                                                                                                                                                                                    Accept-CH: RTT
                                                                                                                                                                                                                                                    Accept-CH: Device-Memory
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                    Permissions-Policy: unload=()
                                                                                                                                                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                    Date: Wed, 04 Dec 2024 05:49:22 GMT
                                                                                                                                                                                                                                                    Server: gws
                                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                    Accept-Ranges: none
                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.11.20 | 49767 | 142.251.35.228 | 443 | 7440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-04 05:49:22 UTC | 553 | OUT | GET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br, zstd
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                    Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
2024-12-04 05:49:22 UTC | 1034 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Version: 700238841
                                                                                                                                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                    Accept-CH: Save-Data
                                                                                                                                                                                                                                                    Accept-CH: Downlink
                                                                                                                                                                                                                                                    Accept-CH: ECT
                                                                                                                                                                                                                                                    Accept-CH: RTT
                                                                                                                                                                                                                                                    Accept-CH: Device-Memory
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                    Permissions-Policy: unload=()
                                                                                                                                                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                    Date: Wed, 04 Dec 2024 05:49:22 GMT
                                                                                                                                                                                                                                                    Server: gws
                                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                    Accept-Ranges: none
                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
2024-12-04 05:49:22 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-04 05:49:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.11.20 | 64506 | 162.159.61.3 | 443 | 5380 | C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-04 05:49:26 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                    Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                    Content-Length: 128
                                                                                                                                                                                                                                                    Accept: application/dns-message
                                                                                                                                                                                                                                                    Accept-Language: *
                                                                                                                                                                                                                                                    User-Agent: Chrome
                                                                                                                                                                                                                                                    Accept-Encoding: identity
                                                                                                                                                                                                                                                    Content-Type: application/dns-message
2024-12-04 05:49:26 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
2024-12-04 05:49:26 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: cloudflare
                                                                                                                                                                                                                                                    Date: Wed, 04 Dec 2024 05:49:26 GMT
                                                                                                                                                                                                                                                    Content-Type: application/dns-message
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                    Content-Length: 468
                                                                                                                                                                                                                                                    CF-RAY: 8ec983603c424c02-MIA
                                                                                                                                                                                                                                                    alt-svc: h3=":443"; ma=86400
2024-12-04 05:49:26 UTC | 468 | IN | Data Ascii: wwwgstaticcom2#)



                                                                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                                                                    Start time:00:48:39
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\Kameta Setup 1.0.0.exe"
                                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                                    File size:79'764'652 bytes
                                                                                                                                                                                                                                                    MD5 hash:0157B710EC82B63DB471A4030979FBD3
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:2
                                                                                                                                                                                                                                                    Start time:00:48:39
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq KametaSetup.exe" | %SYSTEMROOT%\System32\find.exe "KametaSetup.exe"
                                                                                                                                                                                                                                                    Imagebase:0xd10000
                                                                                                                                                                                                                                                    File size:236'544 bytes
                                                                                                                                                                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:3
                                                                                                                                                                                                                                                    Start time:00:48:39
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:4
                                                                                                                                                                                                                                                    Start time:00:48:39
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq KametaSetup.exe"
                                                                                                                                                                                                                                                    Imagebase:0x240000
                                                                                                                                                                                                                                                    File size:79'360 bytes
                                                                                                                                                                                                                                                    MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:5
                                                                                                                                                                                                                                                    Start time:00:48:39
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\find.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:C:\Windows\System32\find.exe "KametaSetup.exe"
                                                                                                                                                                                                                                                    Imagebase:0x3c0000
                                                                                                                                                                                                                                                    File size:14'848 bytes
                                                                                                                                                                                                                                                    MD5 hash:31D06677CD9ACA84EA2E2E8E3BF22D65
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:6
                                                                                                                                                                                                                                                    Start time:00:49:08
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe"
                                                                                                                                                                                                                                                    Imagebase:0x7ff7c4b50000
                                                                                                                                                                                                                                                    File size:162'028'032 bytes
                                                                                                                                                                                                                                                    MD5 hash:7153F5DCF75B41969A641F98F370D035
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                                                                    • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:7
                                                                                                                                                                                                                                                    Start time:00:49:08
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\dllhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                                                                                                                                                                                                                                                    Imagebase:0x7ff724f80000
                                                                                                                                                                                                                                                    File size:21'312 bytes
                                                                                                                                                                                                                                                    MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:8
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
                                                                                                                                                                                                                                                    Imagebase:0xf50000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:9
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:10
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:true

Target ID: 11
Start time: 00:49:12
Start date: 04/12/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Imagebase: 0x7ff660160000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: true

Target ID: 12
Start time: 00:49:12
Start date: 04/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff768590000
File size: 875'008 bytes
MD5 hash: 81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: true

Target ID: 13
Start time: 00:49:12
Start date: 04/12/2024
Path: C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit): false
Commandline: wmic bios get smbiosbiosversion
Imagebase: 0x7ff691b90000
File size: 526'848 bytes
MD5 hash: A2EF3F0AD95FDA9262A5F9533B6DD1BD
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: true

Target ID: 14
Start time: 00:49:12
Start date: 04/12/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Imagebase: 0x7ff660160000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: true

Target ID: 15
Start time: 00:49:12
Start date: 04/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff768590000
File size: 875'008 bytes
MD5 hash: 81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: true

Target ID: 16
Start time: 00:49:12
Start date: 04/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff768590000
File size: 875'008 bytes
MD5 hash: 81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: true

Target ID: 17
Start time: 00:49:12
Start date: 04/12/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Imagebase: 0x7ff660160000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: true

Target ID: 18
Start time: 00:49:12
Start date: 04/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff768590000
File size: 875'008 bytes
MD5 hash: 81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: true

Target ID: 19
Start time: 00:49:12
Start date: 04/12/2024
Path: C:\Windows\System32\taskkill.exe
Wow64 process (32bit): false
Commandline: taskkill /IM chrome.exe /F
Imagebase: 0x7ff631460000
File size: 101'376 bytes
MD5 hash: A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: true

Target ID: 20
Start time: 00:49:12
Start date: 04/12/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Imagebase: 0x7ff660160000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: true

Target ID:21
Start time:00:49:12
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM msedge.exe /F
Imagebase:0x7ff631460000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:00:49:12
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff768590000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:00:49:12
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Imagebase:0x7ff660160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:00:49:12
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM brave.exe /F
Imagebase:0x7ff631460000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:00:49:12
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff768590000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:00:49:12
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Imagebase:0x7ff660160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:00:49:12
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM firefox.exe /F
Imagebase:0x7ff631460000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:28
Start time:00:49:12
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM opera.exe /F
Imagebase:0x7ff631460000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:00:49:12
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff768590000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                                    Target ID:30
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:31
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:taskkill /IM kometa.exe /F
                                                                                                                                                                                                                                                    Imagebase:0x7ff631460000
                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:32
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff78e080000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:33
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:34
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:35
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:36
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:taskkill /IM orbitum.exe /F
                                                                                                                                                                                                                                                    Imagebase:0x7ff631460000
                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:37
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:38
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:39
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:taskkill /IM centbrowser.exe /F
                                                                                                                                                                                                                                                    Imagebase:0x7ff631460000
                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:40
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:taskkill /IM 7star.exe /F
                                                                                                                                                                                                                                                    Imagebase:0x7ff631460000
                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:41
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:taskkill /IM sputnik.exe /F
                                                                                                                                                                                                                                                    Imagebase:0x7ff631460000
                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:42
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:43
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:44
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:45
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:46
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:taskkill /IM vivaldi.exe /F
                                                                                                                                                                                                                                                    Imagebase:0x7ff631460000
                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:47
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:48
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:49
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:taskkill /IM epicprivacybrowser.exe /F
                                                                                                                                                                                                                                                    Imagebase:0x7ff631460000
                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:50
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:51
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:52
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:53
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:taskkill /IM uran.exe /F
                                                                                                                                                                                                                                                    Imagebase:0x7ff631460000
                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:54
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:taskkill /IM yandex.exe /F
                                                                                                                                                                                                                                                    Imagebase:0x7ff631460000
                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:55
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:taskkill /IM iridium.exe /F
                                                                                                                                                                                                                                                    Imagebase:0x7ff631460000
                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:56
                                                                                                                                                                                                                                                    Start time:00:49:13
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 --field-trial-handle=2164,i,4496418610188938709,3673006249635420347,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
                                                                                                                                                                                                                                                    Imagebase:0x7ff7c4b50000
                                                                                                                                                                                                                                                    File size:162'028'032 bytes
                                                                                                                                                                                                                                                    MD5 hash:7153F5DCF75B41969A641F98F370D035
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:57
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:58
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:59
                                                                                                                                                                                                                                                    Start time:00:49:12
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:60
                                                                                                                                                                                                                                                    Start time:00:49:13
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:61
                                                                                                                                                                                                                                                    Start time:00:49:13
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:62
                                                                                                                                                                                                                                                    Start time:00:49:13
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:tasklist /FI "IMAGENAME eq msedge.exe"
                                                                                                                                                                                                                                                    Imagebase:0x7ff7498f0000
                                                                                                                                                                                                                                                    File size:106'496 bytes
                                                                                                                                                                                                                                                    MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:63
                                                                                                                                                                                                                                                    Start time:00:49:13
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:64
                                                                                                                                                                                                                                                    Start time:00:49:13
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:65
                                                                                                                                                                                                                                                    Start time:00:49:13
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:tasklist /FI "IMAGENAME eq chrome.exe"
                                                                                                                                                                                                                                                    Imagebase:0x7ff7498f0000
                                                                                                                                                                                                                                                    File size:106'496 bytes
                                                                                                                                                                                                                                                    MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:66
                                                                                                                                                                                                                                                    Start time:00:49:13
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:67
                                                                                                                                                                                                                                                    Start time:00:49:13
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:68
                                                                                                                                                                                                                                                    Start time:00:49:13
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:tasklist /FI "IMAGENAME eq firefox.exe"
                                                                                                                                                                                                                                                    Imagebase:0x7ff7498f0000
                                                                                                                                                                                                                                                    File size:106'496 bytes
                                                                                                                                                                                                                                                    MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:69
                                                                                                                                                                                                                                                    Start time:00:49:13
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:70
                                                                                                                                                                                                                                                    Start time:00:49:13
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:tasklist /FI "IMAGENAME eq iexplore.exe"
                                                                                                                                                                                                                                                    Imagebase:0x7ff7498f0000
                                                                                                                                                                                                                                                    File size:106'496 bytes
                                                                                                                                                                                                                                                    MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:71
                                                                                                                                                                                                                                                    Start time:00:49:13
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:tasklist /FI "IMAGENAME eq iexplore.exe"
                                                                                                                                                                                                                                                    Imagebase:0x7ff7498f0000
                                                                                                                                                                                                                                                    File size:106'496 bytes
                                                                                                                                                                                                                                                    MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:72
                                                                                                                                                                                                                                                    Start time:00:49:13
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:73
                                                                                                                                                                                                                                                    Start time:00:49:13
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:74
                                                                                                                                                                                                                                                    Start time:00:49:13
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:wmic MemoryChip get /format:list
                                                                                                                                                                                                                                                    Imagebase:0x7ff691b90000
                                                                                                                                                                                                                                                    File size:526'848 bytes
                                                                                                                                                                                                                                                    MD5 hash:A2EF3F0AD95FDA9262A5F9533B6DD1BD
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:75
                                                                                                                                                                                                                                                    Start time:00:49:13
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\find.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:find /i "Speed"
                                                                                                                                                                                                                                                    Imagebase:0x7ff636aa0000
                                                                                                                                                                                                                                                    File size:17'920 bytes
                                                                                                                                                                                                                                                    MD5 hash:AE3F3DC3ED900F2A582BAD86A764508C
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:76
                                                                                                                                                                                                                                                    Start time:00:49:15
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:77
                                                                                                                                                                                                                                                    Start time:00:49:15
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:78
                                                                                                                                                                                                                                                    Start time:00:49:15
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:wmic path win32_VideoController get name
                                                                                                                                                                                                                                                    Imagebase:0x7ff691b90000
                                                                                                                                                                                                                                                    File size:526'848 bytes
                                                                                                                                                                                                                                                    MD5 hash:A2EF3F0AD95FDA9262A5F9533B6DD1BD
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:79
                                                                                                                                                                                                                                                    Start time:00:49:15
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:80
                                                                                                                                                                                                                                                    Start time:00:49:15
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:81
                                                                                                                                                                                                                                                    Start time:00:49:15
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:82
                                                                                                                                                                                                                                                    Start time:00:49:15
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:83
                                                                                                                                                                                                                                                    Start time:00:49:15
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:84
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:taskkill /IM chrome.exe /F
                                                                                                                                                                                                                                                    Imagebase:0x7ff631460000
                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:85
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:86
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:87
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:taskkill /IM msedge.exe /F
                                                                                                                                                                                                                                                    Imagebase:0x7ff631460000
                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:88
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:89
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:90
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:taskkill /IM brave.exe /F
                                                                                                                                                                                                                                                    Imagebase:0x7ff631460000
                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:91
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:92
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:93
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:taskkill /IM firefox.exe /F
                                                                                                                                                                                                                                                    Imagebase:0x7ff631460000
                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:94
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:95
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:96
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:taskkill /IM opera.exe /F
                                                                                                                                                                                                                                                    Imagebase:0x7ff631460000
                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:97
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:98
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:99
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:taskkill /IM kometa.exe /F
                                                                                                                                                                                                                                                    Imagebase:0x7ff631460000
                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:100
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:101
Start time:00:49:16
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Imagebase:0x7ff660160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:102
Start time:00:49:16
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM orbitum.exe /F
Imagebase:0x7ff631460000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:103
Start time:00:49:16
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff768590000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:104
Start time:00:49:16
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Imagebase:0x7ff660160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:105
Start time:00:49:16
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM centbrowser.exe /F
Imagebase:0x7ff631460000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:106
Start time:00:49:16
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM 7star.exe /F
Imagebase:0x7ff631460000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:107
Start time:00:49:16
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff768590000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:108
Start time:00:49:16
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Imagebase:0x7ff660160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:109
Start time:00:49:16
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff768590000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:110
Start time:00:49:16
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM sputnik.exe /F
Imagebase:0x7ff631460000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:111
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:112
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:113
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:114
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:taskkill /IM vivaldi.exe /F
                                                                                                                                                                                                                                                    Imagebase:0x7ff631460000
                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:115
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:taskkill /IM epicprivacybrowser.exe /F
                                                                                                                                                                                                                                                    Imagebase:0x7ff631460000
                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:116
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:117
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:118
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:119
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:120
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:taskkill /IM uran.exe /F
                                                                                                                                                                                                                                                    Imagebase:0x7ff631460000
                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:121
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:taskkill /IM yandex.exe /F
                                                                                                                                                                                                                                                    Imagebase:0x7ff631460000
                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:122
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:123
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:124
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:taskkill /IM iridium.exe /F
                                                                                                                                                                                                                                                    Imagebase:0x7ff631460000
                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:125
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:126
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:127
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

Target ID:128
Start time:00:49:16
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff768590000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:129
Start time:00:49:16
Start date:04/12/2024
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq msedge.exe"
Imagebase:0x7ff7498f0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:130
Start time:00:49:16
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff768590000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:131
Start time:00:49:16
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Imagebase:0x7ff660160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:132
Start time:00:49:16
Start date:04/12/2024
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq iexplore.exe"
Imagebase:0x7ff7498f0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:133
Start time:00:49:16
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff768590000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:134
Start time:00:49:16
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""
Imagebase:0x7ff660160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:135
Start time:00:49:16
Start date:04/12/2024
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq iexplore.exe"
Imagebase:0x7ff7498f0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:136
Start time:00:49:16
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff768590000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:137
Start time:00:49:16
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Imagebase:0x7ff660160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                                    Target ID:138
                                                                                                                                                                                                                                                    Start time:00:49:17
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:139
                                                                                                                                                                                                                                                    Start time:00:49:16
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:tasklist /FI "IMAGENAME eq chrome.exe"
                                                                                                                                                                                                                                                    Imagebase:0x7ff7498f0000
                                                                                                                                                                                                                                                    File size:106'496 bytes
                                                                                                                                                                                                                                                    MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:140
                                                                                                                                                                                                                                                    Start time:00:49:17
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2572 --field-trial-handle=2164,i,4496418610188938709,3673006249635420347,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
                                                                                                                                                                                                                                                    Imagebase:0x7ff7c4b50000
                                                                                                                                                                                                                                                    File size:162'028'032 bytes
                                                                                                                                                                                                                                                    MD5 hash:7153F5DCF75B41969A641F98F370D035
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:141
                                                                                                                                                                                                                                                    Start time:00:49:17
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:tasklist /FI "IMAGENAME eq firefox.exe"
                                                                                                                                                                                                                                                    Imagebase:0x7ff7498f0000
                                                                                                                                                                                                                                                    File size:106'496 bytes
                                                                                                                                                                                                                                                    MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:142
                                                                                                                                                                                                                                                    Start time:00:49:17
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
                                                                                                                                                                                                                                                    Imagebase:0x7ff79bde0000
                                                                                                                                                                                                                                                    File size:452'608 bytes
                                                                                                                                                                                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:143
                                                                                                                                                                                                                                                    Start time:00:49:17
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
                                                                                                                                                                                                                                                    Imagebase:0x7ff6c3360000
                                                                                                                                                                                                                                                    File size:2'742'376 bytes
                                                                                                                                                                                                                                                    MD5 hash:BB7C48CDDDE076E7EB44022520F40F77
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:144
                                                                                                                                                                                                                                                    Start time:00:49:17
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:145
                                                                                                                                                                                                                                                    Start time:00:49:17
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

Target ID:146
Start time:00:49:18
Start date:04/12/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic bios get smbiosbiosversion
Imagebase:0x7ff691b90000
File size:526'848 bytes
MD5 hash:A2EF3F0AD95FDA9262A5F9533B6DD1BD
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:147
Start time:00:49:19
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Imagebase:0x7ff660160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:148
Start time:00:49:19
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff768590000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:149
Start time:00:49:19
Start date:04/12/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic MemoryChip get /format:list
Imagebase:0x7ff691b90000
File size:526'848 bytes
MD5 hash:A2EF3F0AD95FDA9262A5F9533B6DD1BD
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:150
Start time:00:49:19
Start date:04/12/2024
Path:C:\Windows\System32\find.exe
Wow64 process (32bit):false
Commandline:find /i "Speed"
Imagebase:0x7ff636aa0000
File size:17'920 bytes
MD5 hash:AE3F3DC3ED900F2A582BAD86A764508C
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:151
Start time:00:49:19
Start date:04/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --no-subproc-heap-profiling --field-trial-handle=1792,i,5804519358371778513,5412243418019726563,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2100 /prefetch:3
Imagebase:0x7ff6c3360000
File size:2'742'376 bytes
MD5 hash:BB7C48CDDDE076E7EB44022520F40F77
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:152
Start time:00:49:19
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Imagebase:0x7ff660160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:153
Start time:00:49:19
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff768590000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:154
Start time:00:49:19
Start date:04/12/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic path win32_VideoController get name
Imagebase:0x7ff691b90000
File size:526'848 bytes
MD5 hash:A2EF3F0AD95FDA9262A5F9533B6DD1BD
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:155
Start time:00:49:19
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Imagebase:0x7ff660160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:156
                                                                                                                                                                                                                                                    Start time:00:49:20
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:157
                                                                                                                                                                                                                                                    Start time:00:49:20
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
                                                                                                                                                                                                                                                    Imagebase:0x7ff77d0c0000
                                                                                                                                                                                                                                                    File size:452'608 bytes
                                                                                                                                                                                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:158
                                                                                                                                                                                                                                                    Start time:00:49:20
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:159
                                                                                                                                                                                                                                                    Start time:00:49:20
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:160
                                                                                                                                                                                                                                                    Start time:00:49:20
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:wmic bios get smbiosbiosversion
                                                                                                                                                                                                                                                    Imagebase:0x7ff691b90000
                                                                                                                                                                                                                                                    File size:526'848 bytes
                                                                                                                                                                                                                                                    MD5 hash:A2EF3F0AD95FDA9262A5F9533B6DD1BD
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:161
                                                                                                                                                                                                                                                    Start time:00:49:20
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:162
                                                                                                                                                                                                                                                    Start time:00:49:20
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:163
                                                                                                                                                                                                                                                    Start time:00:49:20
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:wmic MemoryChip get /format:list
                                                                                                                                                                                                                                                    Imagebase:0x7ff691b90000
                                                                                                                                                                                                                                                    File size:526'848 bytes
                                                                                                                                                                                                                                                    MD5 hash:A2EF3F0AD95FDA9262A5F9533B6DD1BD
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

Target ID:164
Start time:00:49:20
Start date:04/12/2024
Path:C:\Windows\System32\find.exe
Wow64 process (32bit):false
Commandline:find /i "Speed"
Imagebase:0x7ff636aa0000
File size:17'920 bytes
MD5 hash:AE3F3DC3ED900F2A582BAD86A764508C
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:165
Start time:00:49:21
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Imagebase:0x7ff660160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:166
Start time:00:49:21
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff768590000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:167
Start time:00:49:21
Start date:04/12/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic path win32_VideoController get name
Imagebase:0x7ff691b90000
File size:526'848 bytes
MD5 hash:A2EF3F0AD95FDA9262A5F9533B6DD1BD
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:168
Start time:00:49:21
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Imagebase:0x7ff660160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:169
Start time:00:49:21
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff768590000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:170
Start time:00:49:21
Start date:04/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Imagebase:0x7ff77d0c0000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:171
Start time:00:49:21
Start date:04/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Imagebase:0x7ff684840000
File size:3'379'080 bytes
MD5 hash:40AAE14A5C86EA857FA6E5FED689C48E
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:172
Start time:00:49:21
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Imagebase:0x7ff660160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:173
Start time:00:49:21
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff768590000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:174
                                                                                                                                                                                                                                                    Start time:00:49:21
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:wmic bios get smbiosbiosversion
                                                                                                                                                                                                                                                    Imagebase:0x7ff691b90000
                                                                                                                                                                                                                                                    File size:526'848 bytes
                                                                                                                                                                                                                                                    MD5 hash:A2EF3F0AD95FDA9262A5F9533B6DD1BD
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:175
                                                                                                                                                                                                                                                    Start time:00:49:22
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:176
                                                                                                                                                                                                                                                    Start time:00:49:22
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:177
                                                                                                                                                                                                                                                    Start time:00:49:22
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:wmic MemoryChip get /format:list
                                                                                                                                                                                                                                                    Imagebase:0x7ff691b90000
                                                                                                                                                                                                                                                    File size:526'848 bytes
                                                                                                                                                                                                                                                    MD5 hash:A2EF3F0AD95FDA9262A5F9533B6DD1BD
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:178
                                                                                                                                                                                                                                                    Start time:00:49:22
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\find.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:find /i "Speed"
                                                                                                                                                                                                                                                    Imagebase:0x7ff636aa0000
                                                                                                                                                                                                                                                    File size:17'920 bytes
                                                                                                                                                                                                                                                    MD5 hash:AE3F3DC3ED900F2A582BAD86A764508C
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:179
                                                                                                                                                                                                                                                    Start time:00:49:22
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,8724771713764745435,9521847868225282173,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2440 /prefetch:3
                                                                                                                                                                                                                                                    Imagebase:0x7ff684840000
                                                                                                                                                                                                                                                    File size:3'379'080 bytes
                                                                                                                                                                                                                                                    MD5 hash:40AAE14A5C86EA857FA6E5FED689C48E
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:180
                                                                                                                                                                                                                                                    Start time:00:49:22
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:181
                                                                                                                                                                                                                                                    Start time:00:49:22
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:182
                                                                                                                                                                                                                                                    Start time:00:49:22
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:wmic path win32_VideoController get name
                                                                                                                                                                                                                                                    Imagebase:0x7ff691b90000
                                                                                                                                                                                                                                                    File size:526'848 bytes
                                                                                                                                                                                                                                                    MD5 hash:A2EF3F0AD95FDA9262A5F9533B6DD1BD
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:183
                                                                                                                                                                                                                                                    Start time:00:49:22
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:184
                                                                                                                                                                                                                                                    Start time:00:49:22
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:185
                                                                                                                                                                                                                                                    Start time:00:49:22
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
                                                                                                                                                                                                                                                    Imagebase:0x7ff77d0c0000
                                                                                                                                                                                                                                                    File size:452'608 bytes
                                                                                                                                                                                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:186
                                                                                                                                                                                                                                                    Start time:00:49:23
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\dllhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                                                                                                                                                                                                                                                    Imagebase:0x7ff724f80000
                                                                                                                                                                                                                                                    File size:21'312 bytes
                                                                                                                                                                                                                                                    MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:187
                                                                                                                                                                                                                                                    Start time:00:49:23
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
                                                                                                                                                                                                                                                    Imagebase:0x7ff660160000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:188
                                                                                                                                                                                                                                                    Start time:00:49:23
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff768590000
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:189
                                                                                                                                                                                                                                                    Start time:00:49:23
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:wmic bios get smbiosbiosversion
                                                                                                                                                                                                                                                    Imagebase:0x7ff691b90000
                                                                                                                                                                                                                                                    File size:526'848 bytes
                                                                                                                                                                                                                                                    MD5 hash:A2EF3F0AD95FDA9262A5F9533B6DD1BD
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:190
                                                                                                                                                                                                                                                    Start time:00:49:23
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Imagebase:0x7ff660160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:191
Start time:00:49:23
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff768590000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:192
Start time:00:49:23
Start date:04/12/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic MemoryChip get /format:list
Imagebase:0x7ff691b90000
File size:526'848 bytes
MD5 hash:A2EF3F0AD95FDA9262A5F9533B6DD1BD
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:193
Start time:00:49:23
Start date:04/12/2024
Path:C:\Windows\System32\find.exe
Wow64 process (32bit):false
Commandline:find /i "Speed"
Imagebase:0x7ff636aa0000
File size:17'920 bytes
MD5 hash:AE3F3DC3ED900F2A582BAD86A764508C
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:194
Start time:00:49:23
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Imagebase:0x7ff660160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:195
Start time:00:49:23
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff768590000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:205
Start time:00:49:24
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:210
Start time:00:49:24
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:216
Start time:00:49:24
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:221
Start time:00:49:24
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:226
Start time:00:49:25
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:231
Start time:00:49:25
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:237
Start time:00:49:25
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:242
Start time:00:49:25
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:252
Start time:00:49:26
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:258
Start time:00:49:26
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:263
Start time:00:49:26
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:268
Start time:00:49:26
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:273
Start time:00:49:27
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:284
Start time:00:49:27
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:289
Start time:00:49:27
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:299
Start time:00:49:27
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:304
Start time:00:49:27
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:309
Start time:00:49:28
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:315
Start time:00:49:28
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:325
Start time:00:49:28
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:335
Start time:00:49:28
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:341
Start time:00:49:29
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:351
Start time:00:49:29
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:366
                                                                                                                                                                                                                                                    Start time:00:49:29
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:375
                                                                                                                                                                                                                                                    Start time:00:49:29
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:382
                                                                                                                                                                                                                                                    Start time:00:49:29
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:397
                                                                                                                                                                                                                                                    Start time:00:49:30
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:402
                                                                                                                                                                                                                                                    Start time:00:49:30
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:412
                                                                                                                                                                                                                                                    Start time:00:49:30
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:418
                                                                                                                                                                                                                                                    Start time:00:49:30
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:423
                                                                                                                                                                                                                                                    Start time:00:49:30
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

Target ID: 433
Start time: 00:49:31
Start date: 04/12/2024
Path: C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size: 875'008 bytes
MD5 hash: 81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in: C, C++ or other language
Has exited: false

Target ID: 439
Start time: 00:49:31
Start date: 04/12/2024
Path: C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size: 875'008 bytes
MD5 hash: 81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in: C, C++ or other language
Has exited: false

Target ID: 444
Start time: 00:49:31
Start date: 04/12/2024
Path: C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size: 875'008 bytes
MD5 hash: 81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in: C, C++ or other language
Has exited: false

Target ID: 449
Start time: 00:49:32
Start date: 04/12/2024
Path: C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size: 875'008 bytes
MD5 hash: 81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in: C, C++ or other language
Has exited: false

Target ID: 454
Start time: 00:49:32
Start date: 04/12/2024
Path: C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size: 875'008 bytes
MD5 hash: 81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in: C, C++ or other language
Has exited: false

Target ID: 460
Start time: 00:49:32
Start date: 04/12/2024
Path: C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size: 875'008 bytes
MD5 hash: 81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in: C, C++ or other language
Has exited: false

Target ID: 465
Start time: 00:49:32
Start date: 04/12/2024
Path: C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size: 875'008 bytes
MD5 hash: 81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in: C, C++ or other language
Has exited: false

Target ID: 470
Start time: 00:49:32
Start date: 04/12/2024
Path: C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size: 875'008 bytes
MD5 hash: 81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in: C, C++ or other language
Has exited: false

Target ID: 481
Start time: 00:49:33
Start date: 04/12/2024
Path: C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size: 875'008 bytes
MD5 hash: 81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in: C, C++ or other language
Has exited: false

Target ID:486
Start time:00:49:33
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:491
Start time:00:49:33
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:496
Start time:00:49:33
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:507
Start time:00:49:34
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:517
Start time:00:49:34
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:528
Start time:00:49:35
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:533
Start time:00:49:35
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:538
Start time:00:49:35
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:544
Start time:00:49:35
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:554
Start time:00:49:35
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

                                                                                                                                                                                                                                                    Target ID:559
                                                                                                                                                                                                                                                    Start time:00:49:35
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:565
                                                                                                                                                                                                                                                    Start time:00:49:36
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:570
                                                                                                                                                                                                                                                    Start time:00:49:36
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:575
                                                                                                                                                                                                                                                    Start time:00:49:36
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:580
                                                                                                                                                                                                                                                    Start time:00:49:36
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:586
                                                                                                                                                                                                                                                    Start time:00:49:36
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:591
                                                                                                                                                                                                                                                    Start time:00:49:36
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:596
                                                                                                                                                                                                                                                    Start time:00:49:37
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:612
                                                                                                                                                                                                                                                    Start time:00:49:37
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:617
                                                                                                                                                                                                                                                    Start time:00:49:37
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:622
                                                                                                                                                                                                                                                    Start time:00:49:37
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:628
                                                                                                                                                                                                                                                    Start time:00:49:37
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:643
                                                                                                                                                                                                                                                    Start time:00:49:38
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:649
                                                                                                                                                                                                                                                    Start time:00:49:38
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:659
                                                                                                                                                                                                                                                    Start time:00:49:38
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:664
                                                                                                                                                                                                                                                    Start time:00:49:38
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:675
                                                                                                                                                                                                                                                    Start time:00:49:39
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
Has exited:false

Target ID:680
Start time:00:49:39
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:685
Start time:00:49:39
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:691
Start time:00:49:39
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:696
Start time:00:49:39
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff704ef0000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:701
Start time:00:49:39
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:712
Start time:00:49:40
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:717
Start time:00:49:40
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:722
Start time:00:49:40
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:727
Start time:00:49:40
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:733
Start time:00:49:40
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:743
Start time:00:49:41
Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:748
                                                                                                                                                                                                                                                    Start time:00:49:41
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:754
                                                                                                                                                                                                                                                    Start time:00:49:41
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:764
                                                                                                                                                                                                                                                    Start time:00:49:41
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:780
                                                                                                                                                                                                                                                    Start time:00:49:41
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:790
                                                                                                                                                                                                                                                    Start time:00:49:42
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:796
                                                                                                                                                                                                                                                    Start time:00:49:42
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:801
                                                                                                                                                                                                                                                    Start time:00:49:42
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:806
                                                                                                                                                                                                                                                    Start time:00:49:42
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:811
                                                                                                                                                                                                                                                    Start time:00:49:42
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:817
                                                                                                                                                                                                                                                    Start time:00:49:42
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:822
                                                                                                                                                                                                                                                    Start time:00:49:42
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:832
                                                                                                                                                                                                                                                    Start time:00:49:43
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:838
                                                                                                                                                                                                                                                    Start time:00:49:43
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:843
                                                                                                                                                                                                                                                    Start time:00:49:43
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:853
                                                                                                                                                                                                                                                    Start time:00:49:43
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:859
                                                                                                                                                                                                                                                    Start time:00:49:44
                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    No disassembly