Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
LEADER_Setup_2024-03-01.exe

Overview

General Information

Sample name:LEADER_Setup_2024-03-01.exe
Analysis ID:1432219
MD5:cec0e50f9de40df587f87c062196880e
SHA1:3493a1598d40e1895d734811fe5d3bd139c336b3
SHA256:8a08fb3ae29464fe20a6e9cb38bdaa1a32c5ffb1812b43889f2ee6f403f7a7ad
Infos:

Detection

Score:6
Range:0 - 100
Whitelisted:false
Confidence:20%

Signatures

Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Queries the volume information (name, serial number etc) of a device
Registers a DLL
Searches for user specific document files
Stores files to the Windows start menu directory
Too many similar processes found
Uses 32bit PE files

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample searches for specific file, try point organization specific fake files to the analysis machine
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Process Tree

  • System is w10x64_ra
  • LEADER_Setup_2024-03-01.exe (PID: 7020 cmdline: "C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe" MD5: CEC0E50F9DE40DF587F87C062196880E)
    • regsvr32.exe (PID: 7612 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\DAO360.DLL" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 7668 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\MSMASK32.OCX" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 7688 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\LeaderGrid2.ocx" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 7752 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ABSDI.dll" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 7776 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\OpenDialog.dll" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 7812 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\L4FieldServer.dll" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 7836 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ErrorLogger.dll" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 7860 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Erroneous.dll" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 7884 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\L4TermConvertor.dll" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 7900 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\RevalidationSetup.dll" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 7924 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ProgressDialog.dll" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 7948 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\AdvMsgBox.dll" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 7972 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\AutoType.dll" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 7996 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Splash.dll" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 8020 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\PTxSCP.ocx" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 8044 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\sstbars2.ocx" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 8072 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\TList4.ocx" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 8096 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\VSpell32.ocx" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 8120 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\VSFlex6d.ocx" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 8148 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\VSFlex7l.ocx" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 8172 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\JSBBAR16.ocx" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 3988 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ViewPort6.ocx" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 1468 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Softlocx5.ocx" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 1504 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\mblink.ocx" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 5952 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\excooltips.dll" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 1360 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\HHActiveX.dll" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 3364 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\L3Conversion\Leader3Import.dll" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 5736 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\TimerPlus.ocx" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 6164 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\TimerLite.ocx" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 2348 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ActiveWizard.ocx" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 5996 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\prjLOPARollup.dll" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 6440 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\IGToolBars50.ocx" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 1476 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\sg20o.ocx" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 6580 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\VLBtnBar.ocx" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 3612 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\vbalXPBG6.dll" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 2932 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\BreakTimer.dll" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 1788 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\IGTabs40.ocx" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 7616 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Jbfalls.dll" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 7576 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\JBFAETS.dll" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 4304 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\JBFAWI.DLL" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 7568 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\SoftRegister.dll" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 716 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Imports.dll" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 1272 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\HRLUR.dll" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 5288 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ExportToOutline.dll" /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • regsvr32.exe (PID: 6056 cmdline: "C:\Windows\SysWOW64\regsvr32.exe" C:\Windows\SysWOW64\MSCOMCTL.OCX /s MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • GLJB936.tmp (PID: 1344 cmdline: "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\COMDLG32.OCX MD5: 6F608D264503796BEBD7CD66B687BE92)
    • GLJB936.tmp (PID: 3960 cmdline: "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Dblist32.ocx MD5: 6F608D264503796BEBD7CD66B687BE92)
    • GLJB936.tmp (PID: 3840 cmdline: "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Comct332.ocx MD5: 6F608D264503796BEBD7CD66B687BE92)
    • GLJB936.tmp (PID: 1904 cmdline: "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Mscomct2.ocx MD5: 6F608D264503796BEBD7CD66B687BE92)
    • GLJB936.tmp (PID: 1956 cmdline: "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Threed32.ocx MD5: 6F608D264503796BEBD7CD66B687BE92)
    • GLJB936.tmp (PID: 3184 cmdline: "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Tabctl32.ocx MD5: 6F608D264503796BEBD7CD66B687BE92)
    • GLJB936.tmp (PID: 724 cmdline: "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Richtx32.ocx MD5: 6F608D264503796BEBD7CD66B687BE92)
    • GLJB936.tmp (PID: 4960 cmdline: "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Msstdfmt.dll MD5: 6F608D264503796BEBD7CD66B687BE92)
  • chrome.exe (PID: 7132 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6228 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1944,i,14493891824629702636,3599952498152496209,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • LEADER.exe (PID: 2292 cmdline: "C:\Program Files (x86)\LEADER\LEADER.exe" MD5: 486B47F8595639C22CF00087A3D21456)
  • LEADER.exe (PID: 3956 cmdline: "C:\Program Files (x86)\LEADER\LEADER.exe" MD5: 486B47F8595639C22CF00087A3D21456)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: LEADER_Setup_2024-03-01.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeWindow detected: &Next >CancelThank you for choosing LEADER. This Single User Setup will automatically remove any previous version of LEADER before installing version 2024.03.01 on your computer.If you agree with the terms below click Next. Otherwise click Cancel.End-user License Agreement (EULA)LEADER(TM)-------------This End-user License Agreement (this "EULA") is a legal agreement between one or more individuals from a single company (the LICENSEE) and ABSG Consulting Inc. (ABS Consulting the LICENSOR). This EULA covers the license(s) and maintenance plan for the LEADER software and associated media and electronic/printed documentation (together comprising the "SOFTWARE PRODUCT") the LICENSEE has acquired. By installing copying or otherwise using the SOFTWARE PRODUCT or any portion thereof the LICENSEE agrees to be bound by the terms of this EULA. If the LICENSEE does not agree to the terms of this EULA the LICENSOR is unwilling to provide a License for the SOFTWARE PRODUCT to the LICENSEE. In such event the LICENSEE may not use or copy the SOFTWARE PRODUCT and the LICENSEE should promptly contact the LICENSOR for instructions on removal of the unused SOFTWARE PRODUCT for a refund.-------------SOFTWARE PRODUCT License:The SOFTWARE PRODUCT is protected by copyright laws and international copyright treaties as well as other intellectual property laws and treaties. The SOFTWARE PRODUCT is not sold; rather a License(s) for the SOFTWARE PRODUCT is provided in perpetuity "as is."1. Grant of License. Pursuant to this EULA the LICENSOR hereby grants the LICENSEE the following rights for the number and type(s) of licenses acquired for the SOFTWARE PRODUCT. If the LICENSEE has acquired an Unlimited Corporate License of the SOFTWARE PRODUCT the LICENSEE is entitled to an unlimited number of each type of License described herein for the SOFTWARE PRODUCT.SINGLE USER LICENSESoftware. Each Single User License allows the SOFTWARE PRODUCT to be registered (i.e. "unlocked") on up to two LICENSEE machines for use by a specified LICENSEE employee (the User). Each machine requires a unique Registration Code in order to unlock the SOFTWARE PRODUCT.Storage/Network Use. The setup file(s) for a Single User License(s) of the SOFTWARE PRODUCT may be copied to a LICENSEE server for installation on multiple LICENSEE machines. However the LICENSEE must acquire and dedicate a Single User License for the SOFTWARE PRODUCT for each User of the SOFTWARE PRODUCT. A Single User License for the SOFTWARE PRODUCT may not be shared by multiple persons or multiple companies.Backup Copy. The LICENSEE may make unlimited copies of the SOFTWARE PRODUCT and the LICENSEE may include the SOFTWARE PRODUCT in any general system or network backups.ROVING LICENSESoftware. Each Roving License allows the SOFTWARE PRODUCT to be registered (i.e. "unlocked") on one machine (e.g. a shared laptop) via a unique Registration Code for use by one person at a time. The registration for a Roving License may be tran
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\INSTALL.LOG
Source: unknownHTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile opened: C:\Users\user\AppData\Local\Temp\GLFC501.tmp
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile opened: C:\Users\user\AppData\Local\
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile opened: C:\Users\user\AppData\
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile opened: C:\Users\user\AppData\Local\Temp\~GLH0000.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile opened: C:\Users\user\
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile opened: C:\Users\user\AppData\Local\Temp\
Source: chrome.exeMemory has grown: Private usage: 14MB later: 30MB
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 23.50.115.133
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknownTCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknownTCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknownTCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknownTCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknownTCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknownTCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknownTCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknownTCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknownTCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknownTCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknownTCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknownTCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknownTCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknownTCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknownTCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknownTCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49688 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
Source: unknownHTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: regsvr32.exeProcess created: 90
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\LEADER.MIF
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH0003.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH0004.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH0005.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\temp.000
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH0007.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\temp.000
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH0009.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH000b.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\temp.000
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH000d.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\temp.000
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH000f.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\temp.000
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH0011.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\temp.000
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH0013.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\temp.000
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\~GLH001e.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\temp.000
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH00bd.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile deleted: C:\Windows\SysWOW64\~GLH0005.TMP
Source: LEADER_Setup_2024-03-01.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP
Source: classification engineClassification label: clean6.winEXE@123/123@2/21
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\~GLH0002.TMP
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files (x86)\LEADER\LEADER.exeMutant created: NULL
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Users\user\AppData\Local\Temp\GLCB916.tmp
Source: LEADER_Setup_2024-03-01.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile read: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
Source: unknownProcess created: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe "C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe"
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1944,i,14493891824629702636,3599952498152496209,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1944,i,14493891824629702636,3599952498152496209,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\DAO360.DLL" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\MSMASK32.OCX" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\LeaderGrid2.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ABSDI.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\OpenDialog.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\L4FieldServer.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ErrorLogger.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Erroneous.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\L4TermConvertor.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\RevalidationSetup.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ProgressDialog.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\AdvMsgBox.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\AutoType.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Splash.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\PTxSCP.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\sstbars2.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\TList4.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\VSpell32.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\VSFlex6d.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\VSFlex7l.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\JSBBAR16.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ViewPort6.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Softlocx5.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\mblink.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\excooltips.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\HHActiveX.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\L3Conversion\Leader3Import.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\TimerPlus.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\TimerLite.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ActiveWizard.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\prjLOPARollup.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\IGToolBars50.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\sg20o.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\VLBtnBar.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\vbalXPBG6.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\BreakTimer.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\IGTabs40.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Jbfalls.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\JBFAETS.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\JBFAWI.DLL" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\SoftRegister.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Imports.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\HRLUR.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\DAO360.DLL" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ExportToOutline.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" C:\Windows\SysWOW64\MSCOMCTL.OCX /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\COMDLG32.OCX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Dblist32.ocx
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Comct332.ocx
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Mscomct2.ocx
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Threed32.ocx
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Tabctl32.ocx
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Richtx32.ocx
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Msstdfmt.dll
Source: unknownProcess created: C:\Program Files (x86)\LEADER\LEADER.exe "C:\Program Files (x86)\LEADER\LEADER.exe"
Source: unknownProcess created: C:\Program Files (x86)\LEADER\LEADER.exe "C:\Program Files (x86)\LEADER\LEADER.exe"
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\MSMASK32.OCX" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\LeaderGrid2.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ABSDI.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\OpenDialog.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\L4FieldServer.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ErrorLogger.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Erroneous.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\L4TermConvertor.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\RevalidationSetup.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ProgressDialog.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\AdvMsgBox.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\AutoType.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Splash.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\PTxSCP.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\sstbars2.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\TList4.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\VSpell32.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\VSFlex6d.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\VSFlex7l.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\JSBBAR16.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ViewPort6.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Softlocx5.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\mblink.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\excooltips.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\HHActiveX.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\L3Conversion\Leader3Import.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\TimerPlus.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\TimerLite.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ActiveWizard.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\prjLOPARollup.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\IGToolBars50.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\sg20o.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\VLBtnBar.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\vbalXPBG6.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\BreakTimer.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\IGTabs40.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Jbfalls.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\JBFAETS.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\JBFAWI.DLL" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\SoftRegister.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Imports.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\HRLUR.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ExportToOutline.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" C:\Windows\SysWOW64\MSCOMCTL.OCX /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\COMDLG32.OCX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Dblist32.ocx
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Comct332.ocx
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Mscomct2.ocx
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Threed32.ocx
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Tabctl32.ocx
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Richtx32.ocx
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Msstdfmt.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: acgenral.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: winmm.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: samcli.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: msacm32.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: dwmapi.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: urlmon.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: mpr.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: winmmbase.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: winmmbase.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: iertutil.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: srvcli.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: netutils.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: aclayers.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: sfc.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: sfc_os.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: textinputframework.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: textshaping.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: ismif32.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: riched32.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: riched20.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: usp10.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: msls31.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: edputil.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: appresolver.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: slc.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: sppc.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: pcacli.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: cabinet.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: aclayers.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: linkinfo.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: ntshrui.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: cscapi.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeSection loaded: ismif32.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: aclayers.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sxs.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: aclayers.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: msvbvm60.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: aclayers.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: msvbvm60.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: aclayers.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: msvbvm60.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: aclayers.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: msvbvm60.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exeSection loaded: msvbvm60.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exeSection loaded: vb6zz.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exeSection loaded: sxs.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exeSection loaded: scrrun.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exeSection loaded: version.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exeSection loaded: oledlg.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exeSection loaded: olepro32.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exeSection loaded: textshaping.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exeSection loaded: asycfilt.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exeSection loaded: textinputframework.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exeSection loaded: coremessaging.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Program Files (x86)\LEADER\LEADER.exeFile written: C:\Users\user\AppData\Local\VirtualStore\Windows\netdet.ini
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile opened: C:\Windows\SysWOW64\RICHED32.DLL
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeWindow detected: &Next >CancelThank you for choosing LEADER. This Single User Setup will automatically remove any previous version of LEADER before installing version 2024.03.01 on your computer.If you agree with the terms below click Next. Otherwise click Cancel.End-user License Agreement (EULA)LEADER(TM)-------------This End-user License Agreement (this "EULA") is a legal agreement between one or more individuals from a single company (the LICENSEE) and ABSG Consulting Inc. (ABS Consulting the LICENSOR). This EULA covers the license(s) and maintenance plan for the LEADER software and associated media and electronic/printed documentation (together comprising the "SOFTWARE PRODUCT") the LICENSEE has acquired. By installing copying or otherwise using the SOFTWARE PRODUCT or any portion thereof the LICENSEE agrees to be bound by the terms of this EULA. If the LICENSEE does not agree to the terms of this EULA the LICENSOR is unwilling to provide a License for the SOFTWARE PRODUCT to the LICENSEE. In such event the LICENSEE may not use or copy the SOFTWARE PRODUCT and the LICENSEE should promptly contact the LICENSOR for instructions on removal of the unused SOFTWARE PRODUCT for a refund.-------------SOFTWARE PRODUCT License:The SOFTWARE PRODUCT is protected by copyright laws and international copyright treaties as well as other intellectual property laws and treaties. The SOFTWARE PRODUCT is not sold; rather a License(s) for the SOFTWARE PRODUCT is provided in perpetuity "as is."1. Grant of License. Pursuant to this EULA the LICENSOR hereby grants the LICENSEE the following rights for the number and type(s) of licenses acquired for the SOFTWARE PRODUCT. If the LICENSEE has acquired an Unlimited Corporate License of the SOFTWARE PRODUCT the LICENSEE is entitled to an unlimited number of each type of License described herein for the SOFTWARE PRODUCT.SINGLE USER LICENSESoftware. Each Single User License allows the SOFTWARE PRODUCT to be registered (i.e. "unlocked") on up to two LICENSEE machines for use by a specified LICENSEE employee (the User). Each machine requires a unique Registration Code in order to unlock the SOFTWARE PRODUCT.Storage/Network Use. The setup file(s) for a Single User License(s) of the SOFTWARE PRODUCT may be copied to a LICENSEE server for installation on multiple LICENSEE machines. However the LICENSEE must acquire and dedicate a Single User License for the SOFTWARE PRODUCT for each User of the SOFTWARE PRODUCT. A Single User License for the SOFTWARE PRODUCT may not be shared by multiple persons or multiple companies.Backup Copy. The LICENSEE may make unlimited copies of the SOFTWARE PRODUCT and the LICENSEE may include the SOFTWARE PRODUCT in any general system or network backups.ROVING LICENSESoftware. Each Roving License allows the SOFTWARE PRODUCT to be registered (i.e. "unlocked") on one machine (e.g. a shared laptop) via a unique Registration Code for use by one person at a time. The registration for a Roving License may be tran
Source: LEADER_Setup_2024-03-01.exeStatic file information: File size 17423501 > 1048576
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\DAO360.DLL" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH0039.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH000d.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH006e.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH0011.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH001c.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH002a.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH0004.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH0022.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH0038.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH0048.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH0030.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH0056.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH005e.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH0005.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH0070.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH006c.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH0013.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH0036.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH003b.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH004e.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH000b.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH00bd.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH0007.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\temp.000Jump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH0024.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH0054.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH0069.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Users\user\AppData\Local\Temp\GLJB936.tmpJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Users\user\AppData\Local\Temp\GLCB916.tmpJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH0034.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH0042.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH0018.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH004c.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH0052.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH0009.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH003d.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH0044.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH0060.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH002e.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH005a.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH0026.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\~GLH0016.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH00be.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH001a.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH004a.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH000f.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH0058.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH0032.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\temp.000Jump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH0062.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH002c.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH0046.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH005c.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH0020.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH003f.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Users\user\AppData\Local\Temp\~GLH0000.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH0050.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH0003.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\~GLH0028.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH000f.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH000d.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH0011.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH0013.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\temp.000Jump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH0004.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH0009.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH000b.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH00bd.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH0007.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH0003.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\~GLH0005.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Windows\SysWOW64\temp.000Jump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\temp.000Jump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\Program Files (x86)\LEADER\Bin\INSTALL.LOG
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEADER
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEADER\LEADER.lnk
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEADER\LEADER Program Folder.lnk
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEADER\LEADER Help.lnk
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEADER\LEADER User Folder.lnk
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\LEADER\LEADER.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\LEADER\LEADER.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\LEADER\LEADER.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\LEADER\LEADER.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\LEADER\LEADER.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\LEADER\LEADER.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\LEADER\LEADER.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\LEADER\LEADER.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\LEADER\LEADER.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\LEADER\LEADER.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\LEADER\LEADER.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\LEADER\LEADER.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\LEADER\LEADER.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\LEADER\LEADER.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\LEADER\LEADER.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\LEADER\LEADER.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\LEADER\LEADER.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\LEADER\LEADER.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\LEADER\LEADER.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0039.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Windows\SysWOW64\~GLH000d.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Windows\SysWOW64\~GLH0011.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH006e.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH002a.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH001c.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Windows\SysWOW64\~GLH0004.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0022.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0038.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0048.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0030.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0056.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH005e.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Windows\SysWOW64\~GLH0005.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0070.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH006c.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Windows\SysWOW64\~GLH0013.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH003b.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0036.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH004e.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Windows\SysWOW64\~GLH000b.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Windows\SysWOW64\~GLH00bd.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Windows\SysWOW64\~GLH0007.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\temp.000Jump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0024.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0054.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0069.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0034.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\GLCB916.tmpJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\GLJB936.tmpJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0042.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0018.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH004c.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0052.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Windows\SysWOW64\~GLH0009.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH003d.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0060.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0044.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH002e.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH005a.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0026.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH00be.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH001a.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH004a.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Windows\SysWOW64\~GLH000f.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0058.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0032.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Windows\SysWOW64\temp.000Jump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0062.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH002c.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0046.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH005c.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0020.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH003f.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\~GLH0000.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0050.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Windows\SysWOW64\~GLH0003.TMPJump to dropped file
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0028.TMPJump to dropped file
Source: C:\Program Files (x86)\LEADER\LEADER.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\LEADER\LEADER.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile opened: C:\Users\user\AppData\Local\Temp\GLFC501.tmp
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile opened: C:\Users\user\AppData\Local\
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile opened: C:\Users\user\AppData\
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile opened: C:\Users\user\AppData\Local\Temp\~GLH0000.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile opened: C:\Users\user\
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeFile opened: C:\Users\user\AppData\Local\Temp\
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\DAO360.DLL" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\MSMASK32.OCX" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\LeaderGrid2.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ABSDI.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\OpenDialog.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\L4FieldServer.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ErrorLogger.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Erroneous.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\L4TermConvertor.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\RevalidationSetup.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ProgressDialog.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\AdvMsgBox.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\AutoType.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Splash.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\PTxSCP.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\sstbars2.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\TList4.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\VSpell32.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\VSFlex6d.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\VSFlex7l.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\JSBBAR16.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ViewPort6.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Softlocx5.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\mblink.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\excooltips.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\HHActiveX.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\L3Conversion\Leader3Import.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\TimerPlus.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\TimerLite.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ActiveWizard.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\prjLOPARollup.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\IGToolBars50.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\sg20o.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\VLBtnBar.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\vbalXPBG6.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\BreakTimer.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\IGTabs40.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Jbfalls.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\JBFAETS.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\JBFAWI.DLL" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\SoftRegister.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Imports.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\HRLUR.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ExportToOutline.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" C:\Windows\SysWOW64\MSCOMCTL.OCX /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\LEADER\LEADER.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\LEADER\LEADER.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exeDirectory queried: C:\Users\Public\Documents

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		11
Process Injection		1
Regsvr32		OS Credential Dumping13
File and Directory Discovery		Remote Services1
Data from Local System		2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder		1
DLL Side-Loading		32
Masquerading		LSASS Memory12
System Information Discovery		Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Registry Run Keys / Startup Folder		11
Process Injection		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
Extra Window Memory Injection		1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
File Deletion		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Extra Window Memory Injection		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\GLCB916.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\GLCB916.tmp0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\GLFC501.tmp (copy)0%ReversingLabs
C:\Users\user\AppData\Local\Temp\GLFC501.tmp (copy)1%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\GLJB936.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\GLJB936.tmp0%VirustotalBrowse
C:\PROGRA~2\LEADER\Bin\~GLH0019.TMP (copy)0%ReversingLabs
C:\PROGRA~2\LEADER\Bin\~GLH0019.TMP (copy)0%VirustotalBrowse
C:\Program Files (x86)\LEADER\Bin\Splash.dll (copy)0%ReversingLabs
C:\Program Files (x86)\LEADER\Bin\Splash.dll (copy)0%VirustotalBrowse
C:\Program Files (x86)\LEADER\Bin\~GLH0018.TMP0%ReversingLabs
C:\Program Files (x86)\LEADER\Bin\~GLH0018.TMP0%VirustotalBrowse
C:\Program Files (x86)\LEADER\Bin\~GLH001a.TMP0%ReversingLabs
C:\Program Files (x86)\LEADER\Bin\~GLH001a.TMP0%VirustotalBrowse
C:\Program Files (x86)\LEADER\Bin\~GLH001c.TMP0%ReversingLabs
C:\Program Files (x86)\LEADER\Bin\~GLH001c.TMP0%VirustotalBrowse
C:\Program Files (x86)\LEADER\Bin\~GLH0020.TMP0%ReversingLabs
C:\Program Files (x86)\LEADER\Bin\~GLH0020.TMP0%VirustotalBrowse
C:\Program Files (x86)\LEADER\Bin\~GLH0022.TMP0%VirustotalBrowse
C:\Program Files (x86)\LEADER\Bin\~GLH0022.TMP0%ReversingLabs
C:\Program Files (x86)\LEADER\Bin\~GLH0026.TMP2%ReversingLabs
C:\Program Files (x86)\LEADER\Bin\~GLH0026.TMP0%VirustotalBrowse
C:\Program Files (x86)\LEADER\Bin\~GLH0028.TMP0%ReversingLabs
C:\Program Files (x86)\LEADER\Bin\~GLH0028.TMP0%VirustotalBrowse
C:\Program Files (x86)\LEADER\Bin\~GLH002c.TMP0%ReversingLabs
C:\Program Files (x86)\LEADER\Bin\~GLH002c.TMP0%VirustotalBrowse
C:\Program Files (x86)\LEADER\Bin\~GLH002e.TMP0%ReversingLabs
C:\Program Files (x86)\LEADER\Bin\~GLH002e.TMP0%VirustotalBrowse
C:\Program Files (x86)\LEADER\Bin\~GLH0030.TMP2%ReversingLabs
C:\Program Files (x86)\LEADER\Bin\~GLH0030.TMP0%VirustotalBrowse
C:\Program Files (x86)\LEADER\Bin\~GLH0032.TMP0%ReversingLabs
C:\Program Files (x86)\LEADER\Bin\~GLH0032.TMP0%VirustotalBrowse
C:\Program Files (x86)\LEADER\Bin\~GLH0034.TMP3%ReversingLabs
C:\Program Files (x86)\LEADER\Bin\~GLH0034.TMP0%VirustotalBrowse

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
www.google.com
142.250.217.164
truefalse
    		high

    World Map of Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public IPs

    IPDomainCountryFlagASNASN NameMalicious
    142.250.189.131
    		unknownUnited States
    		15169GOOGLEUSfalse
    142.250.217.164
    		www.google.comUnited States
    		15169GOOGLEUSfalse
    239.255.255.250
    		unknownReserved
    		unknownunknownfalse
    172.217.2.206
    		unknownUnited States
    		15169GOOGLEUSfalse
    108.177.11.84
    		unknownUnited States
    		15169GOOGLEUSfalse

    Private

    IP
    192.168.2.16

    General Information

    Joe Sandbox version:40.0.0 Tourmaline
    Analysis ID:1432219
    Start date and time:2024-04-26 17:45:54 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowsinteractivecookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:71
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • EGA enabled
    Analysis Mode:stream
    Analysis stop reason:Timeout
    Sample name:LEADER_Setup_2024-03-01.exe
    Detection:CLEAN
    Classification:clean6.winEXE@123/123@2/21
    Cookbook Comments:
    • Found application associated with file extension: .exe

    Warnings

    • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 142.250.189.131, 172.217.2.206, 108.177.11.84, 34.104.35.123
    • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
    • Not all processes where analyzed, report is missing behavior information
    • Report size getting too big, too many NtOpenFile calls found.
    • Report size getting too big, too many NtOpenKeyEx calls found.
    • Report size getting too big, too many NtQueryValueKey calls found.
    • Timeout during stream target processing, analysis might miss dynamic analysis data

    Created / dropped Files

    C:\PROGRA~2\LEADER\Bin\~GLH0019.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH001b.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH001d.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH0021.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH0023.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH0025.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH0027.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH0029.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH002b.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH002d.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH002f.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH0031.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH0033.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH0035.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH0037.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH003a.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH003c.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH003e.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH0040.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH0043.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH0045.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH0047.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH0049.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH004b.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH004d.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH004f.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH0051.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH0053.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH0055.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH0057.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH0059.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH005b.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH005d.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH005f.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH0061.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH0063.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH006a.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH006d.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH006f.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH0071.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\PROGRA~2\LEADER\Bin\~GLH0073.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\DAO2535.TLB (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:data
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:A4D85D6E9E8656E85E0F4DE7C8F39BB0
    SHA1:B8F18E6833B89510895DE477DAAF36B44E9AF29D
    SHA-256:BCBBBB2E92CFE0AD52792A45CDC459104A2404DF39915B3C8228796838DAE970
    SHA-512:C10A96EDDA3173916BB34588C4C9F77BC74B6A4B3CC1C004C374C567F31CEDEDE43E3E5B3711533B215E465FE39EB1E6A2977089CC1E1567E6847F216A09313F
    Malicious:false
    Reputation:unknown
    Preview:MSFT................Q...........L...............D...........0....... ...................d.......,...........X....... ...........L...........x.......@...........l.......4...........`.......(...........T...................H...........t.......<...........h.......0...........\.......$...........P...........|.......D...........p.......8...........d.......,...........X....... ...........L...t................&.............. &...............%..............$ ............... ..............<&..............<(...6...........^...:..............H..............................h........................................................... !..D............................................................................................... !..................................................0............................................... !.....@...........................................H............................................... !.................................................h...................

    C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\~GLH0002.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:data
    Category:dropped
    Size (bytes):73184
    Entropy (8bit):5.10364614190387
    Encrypted:false
    SSDEEP:
    MD5:A4D85D6E9E8656E85E0F4DE7C8F39BB0
    SHA1:B8F18E6833B89510895DE477DAAF36B44E9AF29D
    SHA-256:BCBBBB2E92CFE0AD52792A45CDC459104A2404DF39915B3C8228796838DAE970
    SHA-512:C10A96EDDA3173916BB34588C4C9F77BC74B6A4B3CC1C004C374C567F31CEDEDE43E3E5B3711533B215E465FE39EB1E6A2977089CC1E1567E6847F216A09313F
    Malicious:false
    Reputation:unknown
    Preview:MSFT................Q...........L...............D...........0....... ...................d.......,...........X....... ...........L...........x.......@...........l.......4...........`.......(...........T...................H...........t.......<...........h.......0...........\.......$...........P...........|.......D...........p.......8...........d.......,...........X....... ...........L...t................&.............. &...............%..............$ ............... ..............<&..............<(...6...........^...:..............H..............................h........................................................... !..D............................................................................................... !..................................................0............................................... !.....@...........................................H............................................... !.................................................h...................

    C:\Program Files (x86)\LEADER\American.vtd (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:data
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:19018A3FC0A354361D00ED59E1FBAD6B
    SHA1:8865CA917CE445E10C4C59F1A0D393DB5159D343
    SHA-256:68E008CF02C45A853FBADD959068600DD4D8EAE4B33AE0F7C21B77F7AA7A92C4
    SHA-512:C1E2B98E5C610531966399CEA49AA9FE45A62D3B815155D979BA4B10C2662989435DD739EDA5DA676589848E97F1F5C2934AD89B820B52FB57187C6E8F6B5B3B
    Malicious:false
    Reputation:unknown
    Preview:........C.......WN.....9.................................}..rd.Copyright (c) 1995 by Visual Components, Inc. All Rights Reserved...............................................................................................................................e......."e.*j.-..1.?6.?:.?A.:..,.-k./.?4n.)l.)q.)s.;.;.1v.0.1z.)}.7.?>.4.?6..8~.-.6../.?:.0.).6.1.;.<..1.?7B.+.?3.)...D.6..;...D.1..;..).).?6..6..,|.:.-.,..;..).?*.?-.?.../.?0.?1..4.?8D.<..*.?,.?5..6.@;..)..5..,..3..).?-.?=..6..1x.A..:..<..9..=..-..:..@..)..6..,..-..:..1..)i.-..1..7..6..3.?9..1..)y.6B.=..)..5..*..)A.-.?0.?1D./.?6..0..-..<..)..4..4..7..?D.7..7..)z?-s?1..5e?7D.;b.:x?Bu.1w.4v.4..7t.6..:q?;..1p.+n?6f.)m..D.6j.;...D.).@1..;..,..7d.6c.1..<a.-`.:..)Y?,V?/O?3..62?<..0X.-W.1u.-..:S?A..-.@7Q.5P.-..-K?4G?7..=D.4J.-D.7.@=..1E?7B.+D.)..1...D.8??;..0>.1<?7..4;..D.-B@17?;..)5.+...D.+.@;..)/.-.@1p.8.))?0#?1"?7.??..-..:'.+&.<%.1$.+..7.+.?/.?4{.0.=..6.-..:.)..0.?7..8.?:.:..7..,.).?4..4..).?7..+.7.-.=..)..:..

    C:\Program Files (x86)\LEADER\Bin\Filecopy.avi (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:RIFF (little-endian) data, AVI, 260 x 40, 10.00 fps, video: RLE 8bpp
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:34B5BC08ACDA9850686B42C869E631A3
    SHA1:93A9EF0BFC9FE09935C04371A902DC688D67D1AE
    SHA-256:C49C3293383D2777BEEDF2265F01D87E9C122328681065E9EB2F9C1D5A75CCCE
    SHA-512:45ED41904AC5A170205330A98A45E8D87C2D0E2D1CD30400206E35A97119E79593555682BD95EA380CEC2542BEE4F8E49ED8771E81F2386A8EB553E5F44845A1
    Malicious:false
    Reputation:unknown
    Preview:RIFF.%..AVI LIST....hdrlavih8...........OPY.........................(......8...l9..(....LIST....strlstrh8...vidsRLE ................@B..........*....'..............strfh...(.......(............(..................................................................................vedt............JUNK......t........a.^..v..V..V............*.......u....t.......U....WV.v...+...V..:....=.t....GW.......^..7.^..?^_..]...U.../P.v..V......]...U.../P.v..*......]...U....WV.v.V.8..............G..P../P.N............_...0...............................................|.0.8................................................\.&......2`.<.........................l...............................D@H.D@..........'...............................'.....,.........'............................. .........'.................(.............................!'....$...........1.........'.........................4.'....V..L.<.............l=Hm.`q.....\.........q.p...............!',.............!'..(.............1

    C:\Program Files (x86)\LEADER\Bin\LDR.ico (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:MS Windows icon resource - 4 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:5A94CEE0DBB18148499915C5C79F54B7
    SHA1:A5F478169E5BBE24B91BFDC2C25470CE0F6F1934
    SHA-256:0CCDC16B9034FACFB1E8D10BF30EC857E85D0CF4B9FED3779B82E9DB6CB85A06
    SHA-512:2C3A35DF16ADEA3B29C594D8C6DF164E20CF16D337F2BBCDED474D8C8768E66F2B90C2EF9862DAAD05878FFF842CC7FC89241792F219304EA9FE3516FDF5CE04
    Malicious:false
    Reputation:unknown
    Preview:......00..........F... ......................................h...^...(...0...`...................................ooo.ppp..................................................&..!!..$$..,'.."*..++..--..*1..21..11..52..66..;;..=:..8?..B5..B>..>O..>]...p.."v..)w...t..0y..>}..A@..FO..II..JL..NN..FR..C^..NX..TT..WW.._S..ZV..[[..XX..aV..c_..q]..La..[c..Zo..bb..dd..hc..bn..ii..mm..xl..qq...v......n...v............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\LDT.ico (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:MS Windows icon resource - 4 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:F1A7D4193E8AFB2AEF708AAE670DBC4B
    SHA1:56705A6141C062C6B738137ADAFD06061419B014
    SHA-256:85732AFAB389B295E72B3A5BE06DFB879AD721E153E8A51652AAC02E1488646D
    SHA-512:C016EA67CFAB7320467BE3FFACE960B5CAF4A72A7D84DA2D8B0EC73655509A3E4F163874C04E1965276CA87C7837BE99C7BAF18C3A6BF56D3B9F27EC5EEE0507
    Malicious:false
    Reputation:unknown
    Preview:......00..........F... ......................................h...^...(...0...`...................................ooo.ppp..............................&..!!..,'..++..*1..66..=:..B5..B>..A@..FO..II..FR..NX..WW.._S..XX..aV..c_..q]..La..[c..dd..hc..bn..ii..xl..qq...v......h...k... ...T...V...Z...Z...Z...\...h...f...j...l...g...n...o...d...n...h...r...s.......v...p...n...v...U...Z...h...(...,.../...)...1...:...=...@...K...U...[...\...b...g...k...n...b...p...y...z...}...r...a...d...c...a...d...j...l...f...w...t...{...{...r...y........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\LEADER.ico (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:MS Windows icon resource - 6 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:7D88BF3C372AAAEE1E829108DD56C28D
    SHA1:5DF5F90740CD1E4727A847848DD2049FDDC4B97E
    SHA-256:2663E7D3AE3B7EA397A55EA84C5FBD205E52A9E01304B08B9753FEACC6C0C098
    SHA-512:1E62DE60EAECAC2065D448B518206EAC4E188E2E31B71443C50DC9D45AA483B8FF74BE87F0F2BE76BACD5FC98FCEEEAC108872F984EB79F46F2E240E523CF963
    Malicious:false
    Reputation:unknown
    Preview:......00..........f... ......................h.......00.... ..%...... .... ......B........ .h...nS..(...0...`.......................................................................................................'''.777.GGG.WWW.ggg.www...................................L.................LL............L......&...1...J..Lr........... L..6...L.......{..L............1L..Q...r..........L............AL..m..............L............LG...v.............L............L6...[............L............L&...?...Y...r.....L............L....$...3...A...[.L............L................).L.Y..........L.......... ...:...f.L..........L..-...?...Q...k.....L.........+L..H...e.............L.........<L..d.................L.........LL....................L.........L<...d...............L........L+...H...f...........L........L....-...?...Q...k....L........L............ ...:...eL.........L.................)..LY.........L.....$...2...A...[..L..........L.&...?...Y...r......L..........L.6...[..............L....

    C:\Program Files (x86)\LEADER\Bin\Leader Install.reg (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Windows Registry little-endian text (Win2K or above)
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:AD58D6370A38710EA6FAEFF26296F6E5
    SHA1:5990FC3E695A135EACEFC04260598DBF8CC1AC19
    SHA-256:B70457C668DEC58C0A38A6473980E925E8EDD1CC02CD287F62BA51D1CB9FC1CA
    SHA-512:EB7F90004D55456B3FF370207BA245D1A37CB6AFC6ADD91D5F0059C0F6B52385C267288A498D607B19A7854164A8AD643EA2602493FFD726FF1519F114D6D1B9
    Malicious:false
    Reputation:unknown
    Preview:..W.i.n.d.o.w.s. .R.e.g.i.s.t.r.y. .E.d.i.t.o.r. .V.e.r.s.i.o.n. .5...0.0.........[.H.K.E.Y._.L.O.C.A.L._.M.A.C.H.I.N.E.\.S.O.F.T.W.A.R.E.\.A.B.S._.C.o.n.s.u.l.t.i.n.g.].........[.H.K.E.Y._.L.O.C.A.L._.M.A.C.H.I.N.E.\.S.O.F.T.W.A.R.E.\.A.B.S._.C.o.n.s.u.l.t.i.n.g.\.L.E.A.D.E.R.].........[.H.K.E.Y._.L.O.C.A.L._.M.A.C.H.I.N.E.\.S.O.F.T.W.A.R.E.\.A.B.S._.C.o.n.s.u.l.t.i.n.g.\.L.E.A.D.E.R.\.A.u.t.o.B.a.c.k.u.p.].....".I.n.t.e.r.v.a.l.".=.".1.5.".....".E.n.a.b.l.e.d.".=.".T.r.u.e.".....".M.a.x.F.i.l.e.s.".=.".8.".........[.H.K.E.Y._.L.O.C.A.L._.M.A.C.H.I.N.E.\.S.O.F.T.W.A.R.E.\.A.B.S._.C.o.n.s.u.l.t.i.n.g.\.L.E.A.D.E.R.\.D.i.c.t.i.o.n.a.r.y.].....".S.t.a.n.d.a.r.d.D.i.c.t.i.o.n.a.r.y.".=.".C.:.\.\.L.E.A.D.E.R.\.\.A.m.e.r.i.c.a.n...v.t.d.".....".C.u.s.t.o.m.D.i.c.t.i.o.n.a.r.y.".=.".C.:.\.\.L.E.A.D.E.R.\.\.C.u.s.t.o.m...d.i.c.".........[.H.K.E.Y._.L.O.C.A.L._.M.A.C.H.I.N.E.\.S.O.F.T.W.A.R.E.\.A.B.S._.C.o.n.s.u.l.t.i.n.g.\.L.E.A.D.E.R.\.H.o.m.e.].....".D.i.r.e.c.t.o.r.y.".=.".C.:.\.\.L.E.A.D.

    C:\Program Files (x86)\LEADER\Bin\Splash.dll (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:964BE1929C87412C2C400AD65B2DF003
    SHA1:62F069017E4DEE4AB8906F39418BF19BEA5E9977
    SHA-256:685B48AE73AFA57DE06A737F6183D723CA5B667F06E44EEE647D63886BEF6560
    SHA-512:D871E746904A9E843DAD754AE26DC2CCF3FD7B465F0DC1D4285F7E92706FC74C57F8E1CF53590219B92CC31A2F57833224074376E59CB915C12EB9DA5C860056
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L...E;.]...........!..... ...0...............0.....6.........................`.......................................*.......)..(....@.......................P..............................................P... .......4............................text...3........ .................. ..`.data........0......................@....rsrc........@.......0..............@..@.reloc.......P.......@..............@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\UNWISE.EXE (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:443E13846997C537E8F5ED61130AB705
    SHA1:6B10D458A5F1E3DBF8DFA96B118CF232D3A66F5F
    SHA-256:49EF36BD01B8EBF38C7B807A5FB44CBAF47C9D4EFA883B01C41494C61AE4A2E2
    SHA-512:DD994D001F7DE591CD03A7D875EC0A96BE0DBF31EE7C2508AB67C701A27BDEBDCB14DFFD7F971F2DC5B86BB44443E4816880D73CACF7974B1731078A841FDDB8
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......{"..?C..?C..?C..D_..=C...\..>C..._..3C..?C..>C..]\..2C..?C...C...\...C...E..>C...\..>C..Rich?C..........PE..L...a.s7.....................d......Y.............@..........................p...................................... .......H........@...%..............................................................................h............................text...7........................... ..`.rdata..............................@..@.data........ ......................@....rsrc....%...@...&..."..............@..@........................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\Vspeller.hlp (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:MS Windows 3.0 help, Mon Jun 26 07:46:43 1995, 15819 bytes
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:1784DAFFC1A6443BE7A6AD11ED0F7C72
    SHA1:F6CD5A668145384952EAC87989B9526EE3FFDA1F
    SHA-256:D86D6BB75F04C18314E047D1A99D16AB0C712F35ADD8EE8DA0C4E6CA60D1B069
    SHA-512:E520CF934E63F9AAD3356CB7E4CCF9F672F949FDF61CC2E1F46694B2ACB1ADD517B94AE861A85F8B8F53DB5F967587C0FB0DFBB1BBA54C471F19D28D950180E5
    Malicious:false
    Reputation:unknown
    Preview:?_..S........=..C...:........H...................(.-.6.<.E.J.U.].h.n...........................:.A.O.a.i.w.........................4.?.B.R.V.............'.-.2.5.9.<.C.F.L.W.Z.c.p.y.~...................................................$.+.4.:.A.J.P.W.].c.o.y.........................................................#.-.1.5.8.>.H.L.R.Y._.g.m.x.|...........................................(./.8.@.J.S.].h.l.p.s.w.|............................(such) a.re consi.dered sp.ell..corr.ectly wi.thout se.arching .the dict.ionaries..Add to .Custom b.utton an.d list b.oxAllCan.ce.@"@Chan.gesCheck.%...loseCu-z.nz.O0DiPFo.undHelpa@.However,.If cB.ed,@Ignore.0 .t..@.@.0Limi.tL..of su.g....sMov.P.sl......Not... } .` S8p.@..pwordNum@bersOK.AO4pe. /. *Qch oices..St.7.ar...P. .@[A.PerformQ.A.@Press..P.rompt Re.place...A.@..P%q&PW......*.. edi.!f.S."6SN.. .@.PSu`bsequ..Jq .40 .!a.The.. saurumQTh@isTo cM!ad c3R oh..ry0, pi]...y .f&.."."so ...is."visib.l-.,."pa.."."k{.i a..d....lPWhen=.W.. Q+rin .by9.a.log..aB#.?

    C:\Program Files (x86)\LEADER\Bin\temp.000

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):65536
    Entropy (8bit):4.7052309704892
    Encrypted:false
    SSDEEP:
    MD5:D35309869E4583C8051906C763200A57
    SHA1:766070AAE939B1359D8EA2C5671E00AB039C2FBA
    SHA-256:F87922C134772DC5FD3D65C59764CE7EC33A4552B796BEB2BFD743C4C21D18FB
    SHA-512:981FA9B98FACC33EBE0FF2FD4EC9EBB569FC8850468C3D5DB3D4F1CDD5C58BB686015846C7CC6A7F437AE371E4F0A89BE9E26B1B09D8BB8F286B1755FD8265F4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(..............U.................................`..............................p.......4...(...............................p...........................................P... .......t............................text............................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0018.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):737280
    Entropy (8bit):5.028861333367489
    Encrypted:false
    SSDEEP:
    MD5:58F99A385CAC2CC28FE16424CB2C710B
    SHA1:6D72F197F517A8DCF817ADC695AE4730BA7AC514
    SHA-256:52BC403E8E9A4759FFAF9B4955F57013727563C5F37A6A7A82B2AFD018F028E6
    SHA-512:F0A9352605610003D524D15EA81C8DC02FAB9D2FC7AD48B9B1189138B0E94506063B0F20D672F5F0CEF54CA21C458EA0111E96ED8A4B9868F414ABD1065D8482
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L....^.6...........!...............................'................................................................p.......T...<........w......................8...........................................P...0....................................text............................... ..`.data...x;..........................@....rsrc....w..........................@..@.reloc...............P..............@..B..4....H[.6#...........jbfmdf.dll.MSVBVM60.DLL.........................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH001a.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):32768
    Entropy (8bit):3.583166380719099
    Encrypted:false
    SSDEEP:
    MD5:5A9A314C85C7D718DF475160304F6359
    SHA1:674FA80ED7A48068FB851393C7069B37D05DB925
    SHA-256:C15481ADE59593CFA4B02DB959ED529F823D495560B0C67FEC7C76888EDD3FFE
    SHA-512:403C4478FBACC2B540B2CFF65786AFCC7EC37EEABDCDB815728B8EA48BD020808EBFB28D4F5B1290890AAC002F02BE9BF23472DC62FAA67A81A0A4695EF95D28
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9...}.q.}.q.}.q.R.|.|.q...u.|.q.Rich}.q.........................PE..L....`e7...........!.....@...@...............P.....0................................[................................F......tE..(....`..x.......................d...........................................X... .......p............................text...T7.......@.................. ..`.data........P......................@....rsrc...x....`... ...P..............@..@.reloc...............p..............@..B.^77............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH001c.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):36352
    Entropy (8bit):4.96524150286448
    Encrypted:false
    SSDEEP:
    MD5:BD0E19C6AD66E478BBB5DF551F84D0C9
    SHA1:EF0B5DAD8007FB547B65DB05133F257021249E4D
    SHA-256:07D50ECE88804A685087FDE643EF5F4600952D015132DA4F05DCFDFEF6513E2F
    SHA-512:A7E6F243F3AF303547D06CC3C268582CE1591979AA394EEF82154C52466110A4FBCADDF096008BE2F29D33C93B1D0FE50E9D9F694224AF012BC8352AA618118B
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'~S.F...F...F...F...F...@...F...Z...F..Rich.F..........................PE..L.....4...........!.....@...`......`........P.....&.................................................................X......4T..<.......(.......................d....................................................P...............................text....>.......@.................. ..`.rdata.......P.......D..............@..@.data....<...`...(...N..............@....rsrc...(............v..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0020.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):131072
    Entropy (8bit):6.089120021819503
    Encrypted:false
    SSDEEP:
    MD5:AD65ECC98A024EBCD1776A31F04B476B
    SHA1:B707D87C0C04BC8815D706EA71DFA39848CC10DB
    SHA-256:9E198C85936AAB395AFE0BDE111F327362B6F5AB9F7347FF07CBFAF0197380BA
    SHA-512:B43036EF5463C5527ABFD578E16204B3B38123B4BD9F74B71B2B37D29B42F37F2BC7EF888E6AB5A82A1FD0B86105EB3C4CF609C9208FF48C46729505D4B672A9
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M..................`.................Rich...........................PE..L......e...........!.........`......................................................s..........................................(.......L...................................................................h... ....................................text............................... ..`.data...............................@....rsrc...L........ ..................@..@.reloc........... ..................@..Bl.[J............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0022.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
    Category:dropped
    Size (bytes):166408
    Entropy (8bit):6.410245982768783
    Encrypted:false
    SSDEEP:
    MD5:CE096567ABC830C1FE68E00D212D8D92
    SHA1:36902DF3E6A6F2B09826719E31E939ECD9B7E55B
    SHA-256:1F27A566F4DF4E728609C9236B0D1374CFAB41489CD55B3B7B1F6C1788CFF9C1
    SHA-512:176538AF5702A14B0562DFCDAC679ED9D69C46CD2E990A8AFA1DD1AF479EBF17353D27491CC02C66D6D232081843B13F2DCD9215E6C7E1494A00D75DEA568461
    Malicious:false
    Antivirus:
    • Antivirus: Virustotal, Detection: 0%, Browse
    • Antivirus: ReversingLabs, Detection: 0%
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...q%.6...........#...............................!................................................................@................................u.......p.......................................................................................text....................... t...... ..`.data...B...........................@....rsrc...............................@....reloc.......p.......V..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0024.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):270336
    Entropy (8bit):5.252985958221316
    Encrypted:false
    SSDEEP:
    MD5:0CCEF5EAA05EF2BAC894AA4E62E880AB
    SHA1:A77422002C4F44406D940FF4A10A1B564EA8C131
    SHA-256:FC263C3243A123445858623F450DAD89A5E75267E4BB95DBE36642F07878FF3C
    SHA-512:F306AE8F739257AF237A6642280BB8C7B3C60C6FCF7056AE51F8BBC17C2F40F6592F1D5CE4670F0D30998F7F57D78AF031CEBC88184206242DAA53A18409BF5B
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L......e...........!.....p........................06.........................P......................................`t......dr..(.......(j................... ..."..........................................P... ....................................text....e.......p.................. ..`.data...`$..........................@....rsrc...(j.......p..................@..@.reloc..."... ...0..................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0026.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):49152
    Entropy (8bit):4.156440133381996
    Encrypted:false
    SSDEEP:
    MD5:4F9D78A7AA666AF46D1422777F731913
    SHA1:E94F7696E21DBFD7F95A0A37BEFC7AF916238771
    SHA-256:F95EA48B2ACCE3430CD8535C49351A94220DF785C9905BAC4F6C93BAF64EE643
    SHA-512:46557831956D4EB0552E034F34D3021668FF9780689390EC3C056C646B70AC0ACE77F02A837D9082BCC93EDD97EFAC70BF5C7D7DBAF5F5F0DAF60C3C99425355
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 2%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=...y.q.y.q.y.q..|.x.q...u.x.q.Richy.q.........................PE..L....@.<...........!.....p...P.....................W................................=................................z.......y..(........ ..................................................................X... .......8............................text..."k.......p.................. ..`.data...............................@....rsrc.... .......0..................@..@.reloc..B...........................@..BH[.6............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0028.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):331776
    Entropy (8bit):6.333176341341012
    Encrypted:false
    SSDEEP:
    MD5:48F0159BFD1F753D11B4240ED45490FF
    SHA1:20410E1F0D8235B496C4BA916F0876584793FD2B
    SHA-256:D6C5C8E6FA9A45ACB702AD16399D4E1BEBDA29FC4D2C218198B01AD3DAADB93C
    SHA-512:D0131C451D229BA28DBA933E9539719545EDEC0BF8F89BDF19E26D52BDCEA44D97AE1698B0482B0C8B5D095CF618585A3F94C77434E1FED6D1F8BE9B8841A5E6
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L......d...........!.........p......L..............6.........................0......./......................................D...(........'..................................................................P... ....................................text............................... ..`.data...............................@....rsrc....'.......0..................@..@.reloc..2........ ..................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH002a.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):978944
    Entropy (8bit):5.746457717030502
    Encrypted:false
    SSDEEP:
    MD5:7B9CAF4367AB5FB296F6690077BE0663
    SHA1:E1D71448FCE1EB0AEEF4633B21897EE2F7B5D086
    SHA-256:ADDBFC09E432BF5FA82B456395EFA2E7CE06962D866139D82D0E0997A53DB851
    SHA-512:79DF2453E0A4C4EAD0ACBF090C76041D871BE429E26E8C925DEE8D332A2A8185F504AA96BAF7E141B300D8A0258158F0D13190375087A58BB0BA44E8F85A5BC5
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L......e...........!.........`.....................U.........................0......................................p...........(.......T........................j..........................................P... ....................................text............................... ..`.data....=..........................@....rsrc...T...........................@..@.reloc..bn.......p..................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH002c.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):20480
    Entropy (8bit):2.3504566016772293
    Encrypted:false
    SSDEEP:
    MD5:CD26A8D8DAEA003B1BE6D28880CB08A8
    SHA1:305D6A53954582DDF8B42863F6AF97BEF5FC01AA
    SHA-256:3AF234484DAF28CF286DCFD771E98A76A61A1AF74A166532D7A28FD3BE2F8076
    SHA-512:15FA90246ED96434F34FFBD3697CA4E1978F68FB6BC822451A8A64EA3625B4C05664B6E56A4B9FC5043643A0D7CCE0D9FBB4CC7B5DDF6A8411B85264F81CCF16
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9...}.q.}.q.}.q.R.|.|.q...u.|.q.Rich}.q.........................PE..L....s.8...........!..... ...0...............0...............................`......{...............................0"......T!..(....@..8....................P..L...........................................X... .......4............................text............ .................. ..`.data........0......................@....rsrc...8....@.......0..............@..@.reloc..`....P.......@..............@..B.^77............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH002e.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):98304
    Entropy (8bit):5.246881573679983
    Encrypted:false
    SSDEEP:
    MD5:62FA8B3D11E4BD70AE000AD452E3A652
    SHA1:A3E90B50FEE0CF9DBC7F77D381A6ACC6FB59EFAD
    SHA-256:73363F5119EB7B57F74EE92FF1080065A0301F8EBC0B25B1287356566A4146A7
    SHA-512:92D906521F1BD1FB104174EB7ABC9B1BF272F587D87BFF6F7256DA57D6DB8955B5C796355057FF3D17197D0C868F4C16BD521D2ABF76A1E9E0FFFDAD91ECFA80
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........;..Z...Z...Z...F...Z...E...Z...{...Z..|z...Z..Rich.Z..................PE..L...bse7...........!..... ...p......8........0......................................?................................).......!..(....`..P...................................................................`... ....................................text...&........ .................. ..`.data...d#...0.......0..............@....rsrc...P....`... ...@..............@..@.reloc........... ...`..............@..B.^77............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0030.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):69632
    Entropy (8bit):4.679003869553484
    Encrypted:false
    SSDEEP:
    MD5:A02D68A59EAEA9D4608DAD60F83CCFDE
    SHA1:C12BFF050029E34BCA90E1D80C9C847E438EC4B4
    SHA-256:0F83E9E50DD7DFD1F70C90358054558578033F3D1BBD2D95352784609D93838D
    SHA-512:2600D37D96DAE27403B33F8EB3CADE99AB07BA4A5B8032C887B1E08EF018E1B0090097D59AE73981E1CADBD13D7B85F13D139969868B7A307B2621D0F33864D3
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 2%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=...y.q.y.q.y.q..|.x.q...u.x.q.Richy.q.........................PE..L.....<...........!.........@...............................................0.....................................0...........(............................ ..............................................X... .......h............................text............................... ..`.data...............................@....rsrc...............................@..@.reloc..,.... ......................@..BH[.6............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0032.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):28672
    Entropy (8bit):3.049776166526433
    Encrypted:false
    SSDEEP:
    MD5:F01EE42080340E81530F1F6F6D7AE02C
    SHA1:0876E23780A6DDFC443F09343455B47DFFFBC114
    SHA-256:048BEDAEA329ED89DAF14C3ACFBD8585EE8EEBF54580478547E0F6EB4A61A7A3
    SHA-512:1642110536A685A5A90A631593895A1047DC987247F153210D324EF9FCD7D0CE58D3C86DDA71DA9A964D5505D76D5382049CFC5012C1378593F0EC3B78D08BD2
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c...'.q.'.q.'.q.#.|.&.q..u.&.q.Rich'.q.........................PE..L....@...........!.....0...@...............@.....j.................................................................7.......6..(....P.......................p..(...........................................X... .......H............................text....'.......0.................. ..`.data...H....@......................@....rsrc........P... ...@..............@..@.reloc..F....p.......`..............@..B.xu=............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0034.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):614400
    Entropy (8bit):7.37345791496555
    Encrypted:false
    SSDEEP:
    MD5:737CC83E3AC658777A984B7CAED4D586
    SHA1:BA90364921914EDFDA1F8C726EA8B8485CEEA76B
    SHA-256:44EF39631B824AD6157E8545AD3EFEE0BCB63D73E8C8420A981E474FB02BF5B6
    SHA-512:B980647F6D1683D36F2957F878522B970C70330E62B497289B69A8ED062E4E22929C32F913DB51F1799E219830B29AD464CD85753F8797F12449402D4D1C008D
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 3%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L...G.a]...........!.....0...0......t........@....p..........................p.......................................=......$<..(....P.......................`..8...........................................P... .......0............................text....-.......0.................. ..`.data........@......................@....rsrc........P.......@..............@..@.reloc.......`.......P..............@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0036.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):151552
    Entropy (8bit):5.049971707081366
    Encrypted:false
    SSDEEP:
    MD5:3083C43B120F4B38ECD5EB92439185F6
    SHA1:9112D3445DDDCE65A72123E14B4F8C9749A93E81
    SHA-256:84931A41233EFF34DF9C45D26C7E904FE8B4C97F2FD3233442BA6919AEABBD20
    SHA-512:570E531C5FC0B6B1801207FCBF844293DFA7D48E14152D9072656DC247875A8D85A2458ED9BD31BD2832F01E1A61318DF02A2A146CB761CAB17C36A6EBA1E2E4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L...n..e...........!.........p...............................................p.............................................T...(.... ..H!...................P..............................................P... ....................................text...u........................... ..`.data...............................@....rsrc...H!... ...0..................@..@.reloc..z....P... ...0..............@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0038.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):348160
    Entropy (8bit):7.256597293119583
    Encrypted:false
    SSDEEP:
    MD5:964BE1929C87412C2C400AD65B2DF003
    SHA1:62F069017E4DEE4AB8906F39418BF19BEA5E9977
    SHA-256:685B48AE73AFA57DE06A737F6183D723CA5B667F06E44EEE647D63886BEF6560
    SHA-512:D871E746904A9E843DAD754AE26DC2CCF3FD7B465F0DC1D4285F7E92706FC74C57F8E1CF53590219B92CC31A2F57833224074376E59CB915C12EB9DA5C860056
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L...E;.]...........!..... ...0...............0.....6.........................`.......................................*.......)..(....@.......................P..............................................P... .......4............................text...3........ .................. ..`.data........0......................@....rsrc........@.......0..............@..@.reloc.......P.......@..............@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0039.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):895488
    Entropy (8bit):6.6911576292255965
    Encrypted:false
    SSDEEP:
    MD5:FEF109A264FD3C7ECC1E6633B5E38AAB
    SHA1:F519C77EF9518FB5BDB33074996F27B254B73988
    SHA-256:149A22D0FB720037F7926391C113D3042E2F572CA1D3E48DA36840B57AC99EFB
    SHA-512:571BDE2702DC49F7D7D28AE42B1EB386E72D2587B52FF8E2C493F8BD9F75E54C4B5375723BEA984CCCEAE1BEB5C465C7CE525B13C3CC3CF0C37EA82739FA2C66
    Malicious:false
    Reputation:unknown
    Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................$......4............................................................................................).......$..........................................................................................................CODE....L........................... ..`DATA................................@...BSS......................................idata...).......*..................@....edata..............................@..P.reloc..............................@..P.rsrc....$.......$..................@..P....................................@..P................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH003b.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):467952
    Entropy (8bit):6.3851069630408555
    Encrypted:false
    SSDEEP:
    MD5:7F0D43A77A0EFDC5D00D849047D78B1B
    SHA1:09325EDF12255E9E49BDD26EC97E5D52A84BF411
    SHA-256:B911EF2CEA0983E407293C40116780AA5E3FBB65B6466FEA55383D32F51BE6B9
    SHA-512:6D1063961AA1BACCCE370D7E5B67D07A00FB7CCB78FFBB27574488DA5C362FD214CA13778B9FBA9A187B4AC17C68930FCA670D662AA0FF601D2313E6B080FE35
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......i...-z.R-z.R-z.R.f.R/z.R.Z.R)z.R{e.R.z.R-z.RJ{.ROe.R#z.R-z.Rez.R.e.R.z.R.Z.Riz.R.|.R,z.R.Z.R.z.RRich-z.R........PE..L...../:...........!......... ......C..............)......................... ......................................pL......./...........F.......................=...................................................................................text............................... ..`.rdata...M.......P..................@..@.data...t!...P... ...P..............@....rsrc....F.......P...p..............@..@.reloc...I.......P..................@..B........................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH003d.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):460744
    Entropy (8bit):6.343192645174317
    Encrypted:false
    SSDEEP:
    MD5:8CB18DC71E7E2826CA8D511658E6D1E4
    SHA1:620314DFB3E7102D2C42D030D4BE296128B07FE3
    SHA-256:68FD67E83573C712F8B31EEFB13B4376322B0A42490EDD362BE11BA40D4F9CB8
    SHA-512:6303F0F32AC96A9E06D82FC36465483EA4A6C230419A9A77E491010122EBE2A0A24DFA4CBD4D59EE8D5F13D08736CE3E2BC24359EEFCF316E0DE069C447C1E3C
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...wS.5...........!.....P...................`...............................@.......................................[..m........................................f..................................................... ............................text....N.......P.................. ..`.rdata..}....`.......T..............@..@.data...88...`...$...R..............@....idata..D#.......$...v..............@....rsrc...............................@..@.reloc..Tp.......r..................@..B................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH003f.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):97280
    Entropy (8bit):5.85586167527215
    Encrypted:false
    SSDEEP:
    MD5:9AAD1A3472C46660EEC496F3E4CBD51F
    SHA1:95F2657B696E6E8CEC89A8C1A6E4D627EC9DEB56
    SHA-256:9CF7AA032D2A446AB11B6A38B08E03AB82CCEE4A6DB7BE533D821F24BAD14987
    SHA-512:D0FD849075700609746A92EFF20600B743E23CC3A031E8B1044B2A401B46D7F7EA617F50BC7A8F2E7856CDDA1D6651F62565EBCAC83463D995A3A95719D43E4A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...j..2...........!.....j... ...... w.............................................................................................................................................................................H................................text...Di.......j.................. ..`.rdata...........0...n..............@..@.data....%..........................@....idata..X...........................@....rsrc...............................@..@.reloc..B............d..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0041.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:MS Windows 3.0 help, Mon Jun 26 07:46:43 1995, 15819 bytes
    Category:dropped
    Size (bytes):15819
    Entropy (8bit):5.621230348072978
    Encrypted:false
    SSDEEP:
    MD5:1784DAFFC1A6443BE7A6AD11ED0F7C72
    SHA1:F6CD5A668145384952EAC87989B9526EE3FFDA1F
    SHA-256:D86D6BB75F04C18314E047D1A99D16AB0C712F35ADD8EE8DA0C4E6CA60D1B069
    SHA-512:E520CF934E63F9AAD3356CB7E4CCF9F672F949FDF61CC2E1F46694B2ACB1ADD517B94AE861A85F8B8F53DB5F967587C0FB0DFBB1BBA54C471F19D28D950180E5
    Malicious:false
    Reputation:unknown
    Preview:?_..S........=..C...:........H...................(.-.6.<.E.J.U.].h.n...........................:.A.O.a.i.w.........................4.?.B.R.V.............'.-.2.5.9.<.C.F.L.W.Z.c.p.y.~...................................................$.+.4.:.A.J.P.W.].c.o.y.........................................................#.-.1.5.8.>.H.L.R.Y._.g.m.x.|...........................................(./.8.@.J.S.].h.l.p.s.w.|............................(such) a.re consi.dered sp.ell..corr.ectly wi.thout se.arching .the dict.ionaries..Add to .Custom b.utton an.d list b.oxAllCan.ce.@"@Chan.gesCheck.%...loseCu-z.nz.O0DiPFo.undHelpa@.However,.If cB.ed,@Ignore.0 .t..@.@.0Limi.tL..of su.g....sMov.P.sl......Not... } .` S8p.@..pwordNum@bersOK.AO4pe. /. *Qch oices..St.7.ar...P. .@[A.PerformQ.A.@Press..P.rompt Re.place...A.@..P%q&PW......*.. edi.!f.S."6SN.. .@.PSu`bsequ..Jq .40 .!a.The.. saurumQTh@isTo cM!ad c3R oh..ry0, pi]...y .f&.."."so ...is."visib.l-.,."pa.."."k{.i a..d....lPWhen=.W.. Q+rin .by9.a.log..aB#.?

    C:\Program Files (x86)\LEADER\Bin\~GLH0042.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):373528
    Entropy (8bit):6.267916653727831
    Encrypted:false
    SSDEEP:
    MD5:4B62A3B118CDB46A20A8899589BD318B
    SHA1:FF0DE49A684023E113D2D515CCBBDBD807EE6E03
    SHA-256:216552D2440168C68380E86374A24FEEBA1C6E0CABDE77FCDD90DC67D1A42E36
    SHA-512:C7B1B2E5CDD8625299699394EDC29A598C4594A5782DCAEEEF29ED1FFC6EF3F7356C78BE1DA135E500DE0FFCB9AB551BCD2A61E9BBAB3BA2FA3270A6999227AE
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m~..).q.).q.).q.R.}.(.q.....2.q...{.W.q.).q...q...b.7.q.K.b.$.q.).p...q...z.4.q...w.(.q...u.(.q.Rich).q.................PE..L.....o7...........!.....`...................p...............................0......v......................................0............K.......................2...................................................p..|............................text....S.......`.................. ..`.rdata...D...p...P...p..............@..@.data...T........P..................@....rsrc....K.......P..................@..@.reloc..@>.......@...`..............@..B................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0044.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):399064
    Entropy (8bit):6.389712107492356
    Encrypted:false
    SSDEEP:
    MD5:C5A700222EB27D80B9FDAC0BF71D80A1
    SHA1:859E2CF2C354B3420E0D2C37787ABBF2EEAC0E8D
    SHA-256:C4A961AC0A818F3AD15BD1E8998E558159C5DF249F47C312AD28AD5E8198F7B8
    SHA-512:B29E45F1FD20FEE43B99951A65EED012B2E6277B7F5803AF767DFE7A341ABCEBBEF6BBE4FF27A110E8779142AE16D0C0BD103D930493CFD97D2FF9D31B8F46F0
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........X..I9.\I9.\I9.\2%.\H9.\.&.\J9.\.%.\S9.\.&.\79.\I9.\e9.\.&.\T9.\+&.\F9.\I9.\F8.\...\R9.\.?.\H9.\...\H9.\RichI9.\........................PE..L...0.M8...........!................. ...................................................................................................|...................P...5...................................................................................text...6........................... ..`.rdata...E.......P..................@..@.data...<........@..................@....rsrc....|...........@..............@..@.reloc...;...P...@..................@..B................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0046.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):278528
    Entropy (8bit):6.111524345263303
    Encrypted:false
    SSDEEP:
    MD5:46102A1B82E6857912C51D1A9F26A792
    SHA1:82C6422E4E5398239600685D0BF266145B4B73F2
    SHA-256:2FAA5578E0B07BF536F878FF976E476C9E191C5F2785F1F8C0903355DB5E7F16
    SHA-512:B01B0113E4F4E7E7E588FD49CDABE6BF69D2E4B657A0B254159BAC10626E181ECFE05F424E035E814F1FA559F8724AED39A44930A71C46D749A007DC86C31074
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U..................x.................Rich...................PE..L...A`.7...........!................(:............N..........................p......W.......................................d...(........U...................0..$6..........................................`... .......(............................text....{.......................... ..`.data....2..........................@....rsrc....U.......`..................@..@.reloc..P>...0...@..................@..BH[.6............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0048.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):70656
    Entropy (8bit):6.068761083153915
    Encrypted:false
    SSDEEP:
    MD5:B0867F678A48EE1E95FEBE4DD3EBD93C
    SHA1:5B684661200294898F9F1416695808594E1C159C
    SHA-256:E80C73D6838CF71ADE760666BA427634659078D575B1C7258CDECD454C0C4E3E
    SHA-512:9866A069A2BE2842873170A9BFCC1F6FDA4F4A057261630A3633CB0A8614844B02D8B80525EC2C4E935D752340CEA830B3BC4F23051345ADC4C0195E4F1E414D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......2...........!.........n...............................................`......................................p........ ..d....0..x....................P.......................................................!..|............................text...r........................... ..`.rdata..V...........................@..@.data....&..........................@....idata..z.... ......................@....rsrc...x....0......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH004a.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):176128
    Entropy (8bit):6.075838995531169
    Encrypted:false
    SSDEEP:
    MD5:698D50CE867524F584614E0BFCD9D9C9
    SHA1:A9C641B973FBA3E618E05CF8F17550B0E7E0AAE2
    SHA-256:2762021F813E085EA50D519FBF449909A2EA711741F9122DFAB7A1474E08D729
    SHA-512:E6FF51D63395974B83A6665B8FA88C724A59A825AD02AA05C6A8E66622FB6A8E3F943A8084FAABDA5CF5DCABD38503691D1E33288F0FFD76AA373B8A56617296
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........p....{...{...{...u...{...r...{..0v...{.{1....{.Rich..{.................PE..L.....w7...........!..... ..........T%.......0.....E................................................................p'..........P....`...4......................L)..........................................`...X.......$............................text............ .................. ..`.data... !...0.......0..............@....rsrc....4...`...@...@..............@..@.reloc..,-.......0..................@..B...6(......65......6?....^77J...........KERNEL32.DLL.NTDLL.DLL.USER32.DLL.MSVBVM60.DLL..................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH004c.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):458752
    Entropy (8bit):6.357887444123624
    Encrypted:false
    SSDEEP:
    MD5:D24110548EDC629C64DBF2C1A57B9C1A
    SHA1:0C38D9EF68A849EF6D92D6722813E4BCA2988CED
    SHA-256:55B42158DBE1E5A1C43A3AD92D756CB91147DA1494E74198F93B3D5828E24956
    SHA-512:CE6BDCC3C45E1AD399F3B2FD027D6E5169363AD4E47B3E360CA8F0F243CF855422180AF921C72D9D942FD2275FE0656EC40C3C5F093409818C937EEABD586E7A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......W......D...D...Dh..D...DE..D;..D...D...D...D...D...D...D...D...D...D...DJ..D...D...D...D...D...D...D...DRich...D........PE..L......9...........!.....`...........c.......p...............................@..............................................x....... ...........................a...................................................p...............................text...i[.......`.................. ..`.rdata..v,...p...0...p..............@..@.data... y.......@..................@....rsrc........ ......................@..@.reloc..............p..............@..B................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH004e.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):90112
    Entropy (8bit):5.089217806514324
    Encrypted:false
    SSDEEP:
    MD5:608DB3215536F18540D8055C5684497D
    SHA1:5E94D6EC0C4D8E145A1F0CBFF8402E7C59633A82
    SHA-256:CC269E15C8F01FFAD5D6B58A8B35ACBC4C58E56CC2839584FDE83D1454625482
    SHA-512:D961EBBD152B712F4A92836129165031206545184991A06EDF485D8C5FDCE5F11C6DF043F74FE193891D310984B537E19B904B2D96E0FCFDD0F89CBAE91FD27C
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...mj..mj..mj...v..lj...u..oj...u..lj...u..lj..Richmj..........PE..L...>..9...........!.........................................................p..................................................(.......h1...................P..............................................X... .......@............................text...3........................... ..`.data...............................@....rsrc...h1.......@..................@..@.reloc.......P... ...@..............@..B.^77............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0050.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):53248
    Entropy (8bit):4.362853150418287
    Encrypted:false
    SSDEEP:
    MD5:2C9A6AA6204A80CD8EE40F7958D59F11
    SHA1:F216BDFC3A9921ECC1F87C7D997B9AD0001CD120
    SHA-256:0B378E03B123AD7FE4715FAC1F9563BDD3606C48A02BD1C7EFC0D6C813D8D77D
    SHA-512:1577764C7CFB71AECF62D22BE307A8AC8B43C85A96A9D39C9B428D75F5CFAB0695E8DD0777F4FF9374505A1BC68F82088768CEC69D36FDDB2C909093FD68D4FE
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=...y.q.y.q.y.q..|.x.q...u.x.q.Richy.q.........................PE..L....;0:...........!.........@......x................................................]......................................$...(...............................l...........................................X... ....................................text............................... ..`.data...............................@....rsrc............ ..................@..@.reloc..............................@..B.m/9............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0052.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):446464
    Entropy (8bit):6.231857747585676
    Encrypted:false
    SSDEEP:
    MD5:E456ECE8AF232B35CB840A57F6753F87
    SHA1:A98DDF61BA0DB2C071073AE7E3A099B5CBA6010C
    SHA-256:70077E15F1A2BFA30C41793636B1C400E2BDDEE6EAEEEAC8154333D35DB91F0F
    SHA-512:7629831740DC8F2547262E41E3190281F55220907CE507947C79913A6BCB87CEB2354FCF38A31D4C9D83F79353C35713E17A1F699F971F757A6E520DB6544BD2
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Y........................................1...t...........W...............w...O...............Rich....................PE..L......:...........!.....P..........ex.......`.....@................................................................ <...... ...........`........................S...................................................`...............................text....E.......P.................. ..`.rdata.......`.......`..............@..@.data........@...`...@..............@....rsrc...`...........................@..@.reloc..d............@..............@..B................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0054.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):49152
    Entropy (8bit):4.356793972262337
    Encrypted:false
    SSDEEP:
    MD5:27669F2ABE332AC5EF302E8A0919DADD
    SHA1:789F55FCAF7FA8C6580FF345974C0E9136BEFEE2
    SHA-256:D6A8306F0BC4F879ED38FDB2D177C5740396A407EF284F28C875B281C9A53EFE
    SHA-512:BA50FE3B5C18FC8CABB539AF1F655CF17DD24CBC718AB11E2FD6394352C861B65A240B56735BCF237C1EC17CCAEA1BD4B5A695F4668237B876E3B6EB15D1314E
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........}...}...}..8a...}..._...}..._...}..D]...}..Rich.}..................PE..L......:...........!.....p...P......................................................................................0x.......r..(.......T...................................................................`... .......4............................text....h.......p.................. ..`.data...............................@....rsrc...T........ ..................@..@.reloc..............................@..B.m/9............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0056.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):28672
    Entropy (8bit):3.6387207259885197
    Encrypted:false
    SSDEEP:
    MD5:2F50C22C4EDB0081D5FADDAFB78E1ADF
    SHA1:78F805E530A544439B6B994EA4AB154D6F556E34
    SHA-256:052E899E13E8F513CD74C5A941548DDC8B98F10CE72E15B4B64EE78D27294057
    SHA-512:FBB11BD381EB1CEF089603F6B82C4E0A609CE0E62058F8DC12B4E429B5FF16E83DE9C5AF094A6B3E6B79D5CD4D5DE361054CB37A16CCD493315539CD976C128C
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........}...}...}..8a...}..._...}..._...}..D]...}..Rich.}..................PE..L.....:...........!.....0...0...............@.....B.........................p......aL...............................:......D6..(....P.......................`..............................................`... ....................................text...v+.......0.................. ..`.data........@.......@..............@....rsrc........P.......P..............@..@.reloc..0....`.......`..............@..B.m/9............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0058.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):122880
    Entropy (8bit):5.055351231701599
    Encrypted:false
    SSDEEP:
    MD5:AD3FF92107A8EA48335E9FF66A6BD5A6
    SHA1:3E3295703102315C82B1CC2043E991ECF8E0B173
    SHA-256:67ED66104885445B7297E5A23B1BAB980A33D62A3D312916010025AF5959E8F5
    SHA-512:1E95178ED82AEBD9B722468CF1CD52A27C72980DA166DEA3BE0131AA1B62EB6E151F562104608249A636FEC6ADB95955DB3CC93F43F0B80AA3D3939546603B7B
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=...y.q.y.q.y.q..|.x.q...u.x.q.Richy.q.........................PE..L...BmP;...........!................................................................................................p.......d...(........8..................................................................X... .......H............................text....s.......................... ..`.data....+..........................@....rsrc....8.......@..................@..@.reloc..`...........................@..B.|.9............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH005a.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):897024
    Entropy (8bit):6.3109544955693755
    Encrypted:false
    SSDEEP:
    MD5:BDC3541A2F1EABF9B3D295BCB2F75534
    SHA1:DBA25409EB94864C670ADA22D434E10F2B66A0A8
    SHA-256:9DFDFFF3E16107A08C63988231898CF18BC74F7E6C5FBECCE86E82F34416640D
    SHA-512:DD1C807F147A805FB6FF733AA6644A829DB0D6C2067B20C609CBB0C5A4DDE33126237220EEAC0DFF165B1E0229DBA68C59D46E74479D3A54C312DCD8D820F15C
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....{...{...{.I.u...{...r...{.#.v...{.".....{.Rich..{.........................PE..L...9.bd...........!................\...............................................@..........................................(.......@..................................................................h... ....................................text...z........................... ..`.data...............................@....rsrc...@...........................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH005c.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):493328
    Entropy (8bit):6.429321710388668
    Encrypted:false
    SSDEEP:
    MD5:DB9C70B29B587FC16BA37D88609C66B0
    SHA1:9CCBD5C5F0D268B3B42E2F636A553AF3EB42ECE9
    SHA-256:6CCFE59CFE1FE407EE8819FD043F4D036E56F680A4E81173161BC2043B91697D
    SHA-512:22370A11B80F58C5D7D7A75214EC05F0F6725EC9AFF6B3B210444C4B1370518631CF62F94C5666FF58A9C7DBF1B9946960CB7451CEE8E6FD0B1A5053495DDDBD
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........2 Wp\sWp\sWp\s.lRsTp\s8oWsVp\s8oVsSp\s8oXsUp\s.oOswp\sWp]s:q\s5oOsYp\sWp\s.p\s.RWsTp\s.PWsVp\sQSWs.p\s.vZsVp\s.PXsVp\sRichWp\s................PE..L.....<...........!.....@...0.......G.......P.....)................................Cg..................................................Q...........p.......0..\@...................................................P.. ............................text....9.......@.................. ..`.rdata...N...P...P...P..............@..@.data....!....... ..................@....rsrc....Q.......`..................@..@.reloc..FK...0...P... ..............@..B........................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH005e.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
    Category:dropped
    Size (bytes):713728
    Entropy (8bit):7.40408306420629
    Encrypted:false
    SSDEEP:
    MD5:55CBADDE8A71C5DE7203A418C98D3AC7
    SHA1:1BA1A3B77D263C847AC5474E8CB91B288D3FA874
    SHA-256:AD757C8AF86277BBBAABE831DB3FE49012B7C2867D08B1466AE7D1EF73845435
    SHA-512:DF394EB9A12DC5948344B57105C95A811678F2DA5AB2DF2A451F23A03FE4738EFE0BE54C574BD81FBDBB838CE5350160AF6B5D493F5AAEFA02CC92AF943C11B1
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......{=.4?\.g?\.g?\.gD@.g=\.g.@.g&\.gPC.g.\.ga~.g<\.gPC.g2\.g...g=\.g...g4\.g.~.g=\.g...g0\.g?\.gN].g9..g.\.g.Z.g>\.g.|.g>\.gRich?\.g........................PE..L...u.Z<...........!.....p...........X.......`....H`................................................................p................`...o..........................................................................................................UPX0....................................UPX1.....p.......l..................@....rsrc........`...t...p..............@...............................................................................................................................................................................................$Info: This file is packed with the UPX executable packer http://upx.tsx.org $..$Id: UPX 1.01 Copyright (C) 1996-2000 the UPX Team. All Rights Reserved. $..UPX!....

    C:\Program Files (x86)\LEADER\Bin\~GLH0060.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):569344
    Entropy (8bit):6.1419354872122245
    Encrypted:false
    SSDEEP:
    MD5:6008E86D24B778902D174448BC31B0D6
    SHA1:4C72A929AEB48061FF5C2E96272BC78A51FB1C83
    SHA-256:8A6D0ACD981FE0DE21D40555D3760E39F39D1CFAB27903DF2999B727748C2A69
    SHA-512:5F58911E52DDC3512FF1455984B001D384577735D8DCE9A80313D1D2528DD85362F406B0C30471C085FCB9E3A6A21FCC4250281915596C0379047A5985DD8BFD
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5f.uq..&q..&q..&...&p..&>%.&h..&u$.&p..&.'.&p..&Richq..&........................PE..L...#aAB...........!.....0...........E.......@......................................|................................;......./..(............................@.............................................h... ....................................text....,.......0.................. ..`.data...|J...@.......@..............@....rsrc................P..............@..@.reloc..B....@......................@..B.xu=............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0062.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):28672
    Entropy (8bit):3.2759594709462525
    Encrypted:false
    SSDEEP:
    MD5:06C5EC062F21799BABF095CC06286B39
    SHA1:E2706AC8A442672469B147329D3CA46F20FC0945
    SHA-256:8B219895E6CECB6516D804910A8A38ECCDDD35874EC153CD6DB07DB48DCC3699
    SHA-512:FDADDFFDD274D038A679CDC4455019D23EFEAE7298A5AE28CD30E3FC4B720675761D22FDF0FB3FEC9A71F826858997B1FAE51595A8260D416BE279462DF2DAE8
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9...}.q.}.q.}.q.R.|.|.q...u.|.q.Rich}.q.........................PE..L......8...........!.....0...@...............@.....$.................................y...............................8.......7..(....P.......................p..............................................X... .......T............................text....(.......0.................. ..`.data........@......................@....rsrc........P... ...@..............@..@.reloc.......p.......`..............@..B.^77............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0064.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:RIFF (little-endian) data, AVI, 260 x 40, 10.00 fps, video: RLE 8bpp
    Category:dropped
    Size (bytes):9484
    Entropy (8bit):4.092094049036708
    Encrypted:false
    SSDEEP:
    MD5:34B5BC08ACDA9850686B42C869E631A3
    SHA1:93A9EF0BFC9FE09935C04371A902DC688D67D1AE
    SHA-256:C49C3293383D2777BEEDF2265F01D87E9C122328681065E9EB2F9C1D5A75CCCE
    SHA-512:45ED41904AC5A170205330A98A45E8D87C2D0E2D1CD30400206E35A97119E79593555682BD95EA380CEC2542BEE4F8E49ED8771E81F2386A8EB553E5F44845A1
    Malicious:false
    Reputation:unknown
    Preview:RIFF.%..AVI LIST....hdrlavih8...........OPY.........................(......8...l9..(....LIST....strlstrh8...vidsRLE ................@B..........*....'..............strfh...(.......(............(..................................................................................vedt............JUNK......t........a.^..v..V..V............*.......u....t.......U....WV.v...+...V..:....=.t....GW.......^..7.^..?^_..]...U.../P.v..V......]...U.../P.v..*......]...U....WV.v.V.8..............G..P../P.N............_...0...............................................|.0.8................................................\.&......2`.<.........................l...............................D@H.D@..........'...............................'.....,.........'............................. .........'.................(.............................!'....$...........1.........'.........................4.'....V..L.<.............l=Hm.`q.....\.........q.p...............!',.............!'..(.............1

    C:\Program Files (x86)\LEADER\Bin\~GLH0065.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:MS Windows icon resource - 4 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
    Category:dropped
    Size (bytes):9158
    Entropy (8bit):3.8173269579736644
    Encrypted:false
    SSDEEP:
    MD5:5A94CEE0DBB18148499915C5C79F54B7
    SHA1:A5F478169E5BBE24B91BFDC2C25470CE0F6F1934
    SHA-256:0CCDC16B9034FACFB1E8D10BF30EC857E85D0CF4B9FED3779B82E9DB6CB85A06
    SHA-512:2C3A35DF16ADEA3B29C594D8C6DF164E20CF16D337F2BBCDED474D8C8768E66F2B90C2EF9862DAAD05878FFF842CC7FC89241792F219304EA9FE3516FDF5CE04
    Malicious:false
    Reputation:unknown
    Preview:......00..........F... ......................................h...^...(...0...`...................................ooo.ppp..................................................&..!!..$$..,'.."*..++..--..*1..21..11..52..66..;;..=:..8?..B5..B>..>O..>]...p.."v..)w...t..0y..>}..A@..FO..II..JL..NN..FR..C^..NX..TT..WW.._S..ZV..[[..XX..aV..c_..q]..La..[c..Zo..bb..dd..hc..bn..ii..mm..xl..qq...v......n...v............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0066.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:MS Windows icon resource - 6 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
    Category:dropped
    Size (bytes):22486
    Entropy (8bit):4.463750079084321
    Encrypted:false
    SSDEEP:
    MD5:7D88BF3C372AAAEE1E829108DD56C28D
    SHA1:5DF5F90740CD1E4727A847848DD2049FDDC4B97E
    SHA-256:2663E7D3AE3B7EA397A55EA84C5FBD205E52A9E01304B08B9753FEACC6C0C098
    SHA-512:1E62DE60EAECAC2065D448B518206EAC4E188E2E31B71443C50DC9D45AA483B8FF74BE87F0F2BE76BACD5FC98FCEEEAC108872F984EB79F46F2E240E523CF963
    Malicious:false
    Reputation:unknown
    Preview:......00..........f... ......................h.......00.... ..%...... .... ......B........ .h...nS..(...0...`.......................................................................................................'''.777.GGG.WWW.ggg.www...................................L.................LL............L......&...1...J..Lr........... L..6...L.......{..L............1L..Q...r..........L............AL..m..............L............LG...v.............L............L6...[............L............L&...?...Y...r.....L............L....$...3...A...[.L............L................).L.Y..........L.......... ...:...f.L..........L..-...?...Q...k.....L.........+L..H...e.............L.........<L..d.................L.........LL....................L.........L<...d...............L........L+...H...f...........L........L....-...?...Q...k....L........L............ ...:...eL.........L.................)..LY.........L.....$...2...A...[..L..........L.&...?...Y...r......L..........L.6...[..............L....

    C:\Program Files (x86)\LEADER\Bin\~GLH0067.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:MS Windows icon resource - 4 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
    Category:dropped
    Size (bytes):9158
    Entropy (8bit):4.020091845420685
    Encrypted:false
    SSDEEP:
    MD5:F1A7D4193E8AFB2AEF708AAE670DBC4B
    SHA1:56705A6141C062C6B738137ADAFD06061419B014
    SHA-256:85732AFAB389B295E72B3A5BE06DFB879AD721E153E8A51652AAC02E1488646D
    SHA-512:C016EA67CFAB7320467BE3FFACE960B5CAF4A72A7D84DA2D8B0EC73655509A3E4F163874C04E1965276CA87C7837BE99C7BAF18C3A6BF56D3B9F27EC5EEE0507
    Malicious:false
    Reputation:unknown
    Preview:......00..........F... ......................................h...^...(...0...`...................................ooo.ppp..............................&..!!..,'..++..*1..66..=:..B5..B>..A@..FO..II..FR..NX..WW.._S..XX..aV..c_..q]..La..[c..dd..hc..bn..ii..xl..qq...v......h...k... ...T...V...Z...Z...Z...\...h...f...j...l...g...n...o...d...n...h...r...s.......v...p...n...v...U...Z...h...(...,.../...)...1...:...=...@...K...U...[...\...b...g...k...n...b...p...y...z...}...r...a...d...c...a...d...j...l...f...w...t...{...{...r...y........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0068.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Windows Registry little-endian text (Win2K or above)
    Category:dropped
    Size (bytes):3176
    Entropy (8bit):3.705302473519483
    Encrypted:false
    SSDEEP:
    MD5:AD58D6370A38710EA6FAEFF26296F6E5
    SHA1:5990FC3E695A135EACEFC04260598DBF8CC1AC19
    SHA-256:B70457C668DEC58C0A38A6473980E925E8EDD1CC02CD287F62BA51D1CB9FC1CA
    SHA-512:EB7F90004D55456B3FF370207BA245D1A37CB6AFC6ADD91D5F0059C0F6B52385C267288A498D607B19A7854164A8AD643EA2602493FFD726FF1519F114D6D1B9
    Malicious:false
    Reputation:unknown
    Preview:..W.i.n.d.o.w.s. .R.e.g.i.s.t.r.y. .E.d.i.t.o.r. .V.e.r.s.i.o.n. .5...0.0.........[.H.K.E.Y._.L.O.C.A.L._.M.A.C.H.I.N.E.\.S.O.F.T.W.A.R.E.\.A.B.S._.C.o.n.s.u.l.t.i.n.g.].........[.H.K.E.Y._.L.O.C.A.L._.M.A.C.H.I.N.E.\.S.O.F.T.W.A.R.E.\.A.B.S._.C.o.n.s.u.l.t.i.n.g.\.L.E.A.D.E.R.].........[.H.K.E.Y._.L.O.C.A.L._.M.A.C.H.I.N.E.\.S.O.F.T.W.A.R.E.\.A.B.S._.C.o.n.s.u.l.t.i.n.g.\.L.E.A.D.E.R.\.A.u.t.o.B.a.c.k.u.p.].....".I.n.t.e.r.v.a.l.".=.".1.5.".....".E.n.a.b.l.e.d.".=.".T.r.u.e.".....".M.a.x.F.i.l.e.s.".=.".8.".........[.H.K.E.Y._.L.O.C.A.L._.M.A.C.H.I.N.E.\.S.O.F.T.W.A.R.E.\.A.B.S._.C.o.n.s.u.l.t.i.n.g.\.L.E.A.D.E.R.\.D.i.c.t.i.o.n.a.r.y.].....".S.t.a.n.d.a.r.d.D.i.c.t.i.o.n.a.r.y.".=.".C.:.\.\.L.E.A.D.E.R.\.\.A.m.e.r.i.c.a.n...v.t.d.".....".C.u.s.t.o.m.D.i.c.t.i.o.n.a.r.y.".=.".C.:.\.\.L.E.A.D.E.R.\.\.C.u.s.t.o.m...d.i.c.".........[.H.K.E.Y._.L.O.C.A.L._.M.A.C.H.I.N.E.\.S.O.F.T.W.A.R.E.\.A.B.S._.C.o.n.s.u.l.t.i.n.g.\.L.E.A.D.E.R.\.H.o.m.e.].....".D.i.r.e.c.t.o.r.y.".=.".C.:.\.\.L.E.A.D.

    C:\Program Files (x86)\LEADER\Bin\~GLH0069.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):53248
    Entropy (8bit):5.002178020558575
    Encrypted:false
    SSDEEP:
    MD5:C58B8B21C066DDAEBF865C807729E01E
    SHA1:BA19B247978FEF28759EE90925059D4AB2CD2431
    SHA-256:40C87149F2D1BF5021CB7C481BD62823ED413D1857AE764FB647573206732246
    SHA-512:247CF78B0D33215D9CE3EFEB01A286D4B2E392B081ACE2D7C3832A9ECB69113B3030B86179C6EB12A8416F1A4D8BD0EBB5C52A840C1206E106C9038E6971DE3B
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M..................`.................Rich...........................PE..L...VN.\...........!.........@......................................................D..........................................(...........................................................................h... .......`............................text...g........................... ..`.data...T...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH006b.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz
    Category:dropped
    Size (bytes):529436
    Entropy (8bit):7.404294054350747
    Encrypted:false
    SSDEEP:
    MD5:5CC2643AA8DE4BDE863FC9A66DF0B78B
    SHA1:C78628E2655D9C08634439468432929C06519620
    SHA-256:75CACDAADF58294363F3766A39728B30F23AB372DA6BD71E946507EF8368F42B
    SHA-512:9F3059A6312A3A2ABB38450E47F497455610A1297440ED21A02BD9732881E18644F1A592953D9615968F6213406A7F0CC72DE36F88B02840F08C51741E3DA96C
    Malicious:false
    Reputation:unknown
    Preview:RIFF....WAVEfmt ........"V...X......data................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH006c.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):299008
    Entropy (8bit):6.229220592179937
    Encrypted:false
    SSDEEP:
    MD5:D0C8CAA212A2C871ADAA30322ADC0688
    SHA1:423032BE34A9491FA3F9B52B45BAC155600B462F
    SHA-256:A0793113BDE91BF215F173379C05B0F9CF12460EB66F9F002FE7356ECEE65414
    SHA-512:DD18B7CCDB8ECDEB45AF7FF09182B91CAFB873DAFFCF46D1C5330CC0040EB82B0A4DE73B2B66524CE790F01DD85EC3E06D20F2C7F8D50C685E370B7338D13F80
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......w.f.3..R3..R3..Rm..R1..Re..R...RQ..R=..R3..R{..R...R0..R\..R7..R\..R0..R\..R2..R3..R...R..R2..R5..Rq..R...R2..R..R2..RRich3..R................PE..L......<...........!...............................)................................................................@=......($.......`.......................P...(......................................................D............................text............................... ..`.rdata...=.......@..................@..@.data........@... ...@..............@....rsrc........`.......`..............@..@.reloc..:2...P...@...P..............@..B........................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH006e.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):1712128
    Entropy (8bit):5.944769346213562
    Encrypted:false
    SSDEEP:
    MD5:81F9E5CF068AF0B418311F0FF7700EC8
    SHA1:E40F20AE8BD24DF54C158FC218F5920DB6AA16E0
    SHA-256:89412DF683BFB4F02B8203D549F51E536191EF0D4AA3F5EFF85148B1A072A40F
    SHA-512:A0DE03849FC654719139D0B7DDDA58C886165C22780FB5CCA1BBCAFB2A9AAC03CE43BC3B77ABDCB76875F111306ED149E5BEC9EC544FCF2A2AAA1C5D063C535C
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................Q...............;.......:......Rich............................PE..L......d...........!.........0......d........................................0.............................................D...(.... .......................@..............................................h... ....................................text...T........................... ..`.data...$...........................@....rsrc........ ... ..................@..@.reloc.......@.......0..............@..Bl.[J............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH0070.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):49152
    Entropy (8bit):4.510690879715675
    Encrypted:false
    SSDEEP:
    MD5:A54B3DCC5E500B1623F9E6F413EA0640
    SHA1:D2C8225FD25764D9882E90A7680F62D73A76041D
    SHA-256:70E2F77B1B33A76EB5B964A551F8FA2D0F664CDA8579BC0EE5680C003AEE347D
    SHA-512:441E6463729FC663EAE810497F71BBF796F409ED7C425998374DB73A795E2148F4499DBAE295F4DD70F3C1A7633D4430C1768199E5129F23FD4641BC89684FC8
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L.....Ud...........!.........0......(................................................l......................................T...(...........................................................................P... .......t............................text...2........................... ..`.data...d...........................@....rsrc...............................@..@.reloc..............................@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\Bin\~GLH00be.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):149504
    Entropy (8bit):5.653617845218506
    Encrypted:false
    SSDEEP:
    MD5:443E13846997C537E8F5ED61130AB705
    SHA1:6B10D458A5F1E3DBF8DFA96B118CF232D3A66F5F
    SHA-256:49EF36BD01B8EBF38C7B807A5FB44CBAF47C9D4EFA883B01C41494C61AE4A2E2
    SHA-512:DD994D001F7DE591CD03A7D875EC0A96BE0DBF31EE7C2508AB67C701A27BDEBDCB14DFFD7F971F2DC5B86BB44443E4816880D73CACF7974B1731078A841FDDB8
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......{"..?C..?C..?C..D_..=C...\..>C..._..3C..?C..>C..]\..2C..?C...C...\...C...E..>C...\..>C..Rich?C..........PE..L...a.s7.....................d......Y.............@..........................p...................................... .......H........@...%..............................................................................h............................text...7........................... ..`.rdata..............................@..@.data........ ......................@....rsrc....%...@...&..."..............@..@........................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\CustomHelp.htm (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:HTML document, ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:F9E9CD460D9A2002A28233D57EC980F4
    SHA1:F293B2E64CB0DFD915CF3DBE0197E52147068CFB
    SHA-256:F3F4E3D9C566BD83F1AA37BED4EDEBB2F06EE74D2A41CC353FE83015606B3B57
    SHA-512:0215EB1241810261204D7DA31B013C02FDC94541DB95BF965C6153DB9F38DA442600C197F2135B108188055518961EFD6964ABD4F5B1F752697A5AC21D45ECE6
    Malicious:false
    Reputation:unknown
    Preview:<html>....<head>....<title>Custom Help</title>....</head>....<body>....<h1>CustomHelp.htm</h1>....<p>Edit this HTML file or replace it with one of your own to provide customized help for LEADER users in your organization.&nbsp; </p>..<p>This file can be opened by clicking on <b>Help &gt; Custom Help</b> on LEADER's main menu.</p>....</body>....</html>..

    C:\Program Files (x86)\LEADER\bin\TimesUp.wav (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:5CC2643AA8DE4BDE863FC9A66DF0B78B
    SHA1:C78628E2655D9C08634439468432929C06519620
    SHA-256:75CACDAADF58294363F3766A39728B30F23AB372DA6BD71E946507EF8368F42B
    SHA-512:9F3059A6312A3A2ABB38450E47F497455610A1297440ED21A02BD9732881E18644F1A592953D9615968F6213406A7F0CC72DE36F88B02840F08C51741E3DA96C
    Malicious:false
    Reputation:unknown
    Preview:RIFF....WAVEfmt ........"V...X......data................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\~GLH0016.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):3981312
    Entropy (8bit):6.257746764198427
    Encrypted:false
    SSDEEP:
    MD5:486B47F8595639C22CF00087A3D21456
    SHA1:B12B0560FCAE42997C9823934231074C65F0CFD2
    SHA-256:88802B71032CB10CB55599DF07E342A74ACDCC018339F2017FE31799FA960F7F
    SHA-512:C03C337D3F0645860054AF81CDFC09722873A630DF643EB44021E2F66BF1FAE352DB11CBBAFA0850E3E5A8D3370B0BACA4EBEE02A85D13D1F0061AED68EA9199
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............si..si..si..ld..si.Rich.si.........................PE..L....Y.e.................P<.........X........`<...@...........................>.....N~=......................................]<.(.....=.l]..................................................................(... .......T............................text....O<......P<................. ..`.data....M...`<.....................@....rsrc...l]....=..`...`<.............@..@l.[J............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\LEADER\~GLH0075.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:data
    Category:dropped
    Size (bytes):264288
    Entropy (8bit):6.6692259983102735
    Encrypted:false
    SSDEEP:
    MD5:19018A3FC0A354361D00ED59E1FBAD6B
    SHA1:8865CA917CE445E10C4C59F1A0D393DB5159D343
    SHA-256:68E008CF02C45A853FBADD959068600DD4D8EAE4B33AE0F7C21B77F7AA7A92C4
    SHA-512:C1E2B98E5C610531966399CEA49AA9FE45A62D3B815155D979BA4B10C2662989435DD739EDA5DA676589848E97F1F5C2934AD89B820B52FB57187C6E8F6B5B3B
    Malicious:false
    Reputation:unknown
    Preview:........C.......WN.....9.................................}..rd.Copyright (c) 1995 by Visual Components, Inc. All Rights Reserved...............................................................................................................................e......."e.*j.-..1.?6.?:.?A.:..,.-k./.?4n.)l.)q.)s.;.;.1v.0.1z.)}.7.?>.4.?6..8~.-.6../.?:.0.).6.1.;.<..1.?7B.+.?3.)...D.6..;...D.1..;..).).?6..6..,|.:.-.,..;..).?*.?-.?.../.?0.?1..4.?8D.<..*.?,.?5..6.@;..)..5..,..3..).?-.?=..6..1x.A..:..<..9..=..-..:..@..)..6..,..-..:..1..)i.-..1..7..6..3.?9..1..)y.6B.=..)..5..*..)A.-.?0.?1D./.?6..0..-..<..)..4..4..7..?D.7..7..)z?-s?1..5e?7D.;b.:x?Bu.1w.4v.4..7t.6..:q?;..1p.+n?6f.)m..D.6j.;...D.).@1..;..,..7d.6c.1..<a.-`.:..)Y?,V?/O?3..62?<..0X.-W.1u.-..:S?A..-.@7Q.5P.-..-K?4G?7..=D.4J.-D.7.@=..1E?7B.+D.)..1...D.8??;..0>.1<?7..4;..D.-B@17?;..)5.+...D.+.@;..)/.-.@1p.8.))?0#?1"?7.??..-..:'.+&.<%.1$.+..7.+.?/.?4{.0.=..6.-..:.)..0.?7..8.?:.:..7..,.).?4..4..).?7..+.7.-.=..)..:..

    C:\Program Files (x86)\LEADER\~GLH0076.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:HTML document, ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):355
    Entropy (8bit):4.889585424939446
    Encrypted:false
    SSDEEP:
    MD5:F9E9CD460D9A2002A28233D57EC980F4
    SHA1:F293B2E64CB0DFD915CF3DBE0197E52147068CFB
    SHA-256:F3F4E3D9C566BD83F1AA37BED4EDEBB2F06EE74D2A41CC353FE83015606B3B57
    SHA-512:0215EB1241810261204D7DA31B013C02FDC94541DB95BF965C6153DB9F38DA442600C197F2135B108188055518961EFD6964ABD4F5B1F752697A5AC21D45ECE6
    Malicious:false
    Reputation:unknown
    Preview:<html>....<head>....<title>Custom Help</title>....</head>....<body>....<h1>CustomHelp.htm</h1>....<p>Edit this HTML file or replace it with one of your own to provide customized help for LEADER users in your organization.&nbsp; </p>..<p>This file can be opened by clicking on <b>Help &gt; Custom Help</b> on LEADER's main menu.</p>....</body>....</html>..

    C:\ProgramData\LEADER\Help.chm (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:MS Windows HtmlHelp Data
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:45540946E6103733968DB693EBAB4C60
    SHA1:6674ECCAD5238E0CE2A804B37B88431F2D8AA7C8
    SHA-256:71512DEF2532AB9A528020E5AC704B6BD37ADFD795587FF1595A7BA3430E7CD5
    SHA-512:5D80EF6B421036F37B6C95540FCB61DC41244EF407B87605E343BAA3CE670F38666EC161775DE3A1E97D4057B45622F18507ADD4D6A41454E7F7096519F96A39
    Malicious:false
    Reputation:unknown
    Preview:ITSF....`..................|.{.......".....|.{......."..`...............x.......TP.......P...............* .............ITSP....T...........................................j..].!......."..T...............PMGL3................/..../#BSSC....=../#IDXHDR....3.../#ITBITS..../#IVB...(T./#STRINGS......../#SYSTEM...."./#TOPICS....3.@./#URLSTR....c.K./#URLTBL....s.p./#WINDOWS......./$FIftiMain....=..v./$OBJINST....W.f./$WWAssociativeLinks/..../$WWAssociativeLinks/BTree.... .L./$WWAssociativeLinks/Data....lA./$WWAssociativeLinks/Map....-../$WWAssociativeLinks/Property....7 ./$WWKeywordLinks/..../$WWKeywordLinks/BTree...|..L./$WWKeywordLinks/Data...H.n./$WWKeywordLinks/Map....6J./$WWKeywordLinks/Property..... ./About our software.htm...l.5./Access_Utilities/...'/Access_Utilities/Access_and_LEADER.htm...$.K,/Access_Utilities/Access_Reports_utility.htm...I.U*/Access_Utilities/Action_Items_Manager.htm......//Access_Utilities/Finding or Replacing Data.htm.....o./Actions 32px.bmp....h.6./actionty

    C:\ProgramData\LEADER\~GLH00bc.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:MS Windows HtmlHelp Data
    Category:dropped
    Size (bytes):2108096
    Entropy (8bit):7.996231251702734
    Encrypted:true
    SSDEEP:
    MD5:45540946E6103733968DB693EBAB4C60
    SHA1:6674ECCAD5238E0CE2A804B37B88431F2D8AA7C8
    SHA-256:71512DEF2532AB9A528020E5AC704B6BD37ADFD795587FF1595A7BA3430E7CD5
    SHA-512:5D80EF6B421036F37B6C95540FCB61DC41244EF407B87605E343BAA3CE670F38666EC161775DE3A1E97D4057B45622F18507ADD4D6A41454E7F7096519F96A39
    Malicious:false
    Reputation:unknown
    Preview:ITSF....`..................|.{.......".....|.{......."..`...............x.......TP.......P...............* .............ITSP....T...........................................j..].!......."..T...............PMGL3................/..../#BSSC....=../#IDXHDR....3.../#ITBITS..../#IVB...(T./#STRINGS......../#SYSTEM...."./#TOPICS....3.@./#URLSTR....c.K./#URLTBL....s.p./#WINDOWS......./$FIftiMain....=..v./$OBJINST....W.f./$WWAssociativeLinks/..../$WWAssociativeLinks/BTree.... .L./$WWAssociativeLinks/Data....lA./$WWAssociativeLinks/Map....-../$WWAssociativeLinks/Property....7 ./$WWKeywordLinks/..../$WWKeywordLinks/BTree...|..L./$WWKeywordLinks/Data...H.n./$WWKeywordLinks/Map....6J./$WWKeywordLinks/Property..... ./About our software.htm...l.5./Access_Utilities/...'/Access_Utilities/Access_and_LEADER.htm...$.K,/Access_Utilities/Access_Reports_utility.htm...I.U*/Access_Utilities/Action_Items_Manager.htm......//Access_Utilities/Finding or Replacing Data.htm.....o./Actions 32px.bmp....h.6./actionty

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEADER\LEADER Help.lnk

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Apr 26 14:46:50 2024, mtime=Fri Apr 26 14:46:50 2024, atime=Fri Sep 15 04:39:06 2023, length=2108096, window=hide
    Category:dropped
    Size (bytes):703
    Entropy (8bit):4.687336666081155
    Encrypted:false
    SSDEEP:
    MD5:431B2A80AE4D8B38500035BD4928DD2D
    SHA1:DFEA0672D4123F6EEBB67A93C36EB2BB93D76306
    SHA-256:D78D1624AECD6867F70A31AC3B23298AAC84DB95103C90D8E8308C7AABEFB308
    SHA-512:4AEFE36FDBEF6101DA9CE5E2D8B306ED148499A36D64A08463D099908AACEA697BA82040B6EDA3D47A6FDD6D81641D4E3D95C7917A1906AF64B4238148D22371
    Malicious:false
    Reputation:unknown
    Preview:L..................F.... ...k.......&............* .....................=....P.O. .:i.....+00.../C:\...................`.1......X.}. PROGRA~3..H......O.I.X.}....g.........................P.r.o.g.r.a.m.D.a.t.a.....T.1......X.}. LEADER..>......X.}.X.}....8.........................L.E.A.D.E.R.....Z.2..* ./W., Help.chm..B......X.}.X.}....9.........................H.e.l.p...c.h.m.......M...............-.......L...................C:\ProgramData\LEADER\Help.chm........\.....\.....\.....\.....\.L.E.A.D.E.R.\.H.e.l.p...c.h.m.`.......X.......562258...........hT..CrF.f4... ...............%..hT..CrF.f4... ...............%.E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEADER\LEADER Program Folder.lnk

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Directory, ctime=Fri Apr 26 14:46:45 2024, mtime=Fri Apr 26 14:46:50 2024, atime=Fri Apr 26 14:46:48 2024, length=0, window=hide
    Category:dropped
    Size (bytes):1019
    Entropy (8bit):4.650277257188404
    Encrypted:false
    SSDEEP:
    MD5:BFB5D3EA6F938D8D9A198B57F9ABBA57
    SHA1:CCEFC924B370FCF5E8420FFCEE2303ADAEC12EA1
    SHA-256:6CCCDF1717AFAC177848A26DB59FFE5AAF651E38EB70088A848498FCE22C2F50
    SHA-512:53232DA5D4F30160F7BB9388A401ABADCD5C524325253B74C0A9F11EFD754AFDDEA228A7D9E756DF6D745403D2A44B0FB9DEC9889CE2782E0CA70E25BACE7B90
    Malicious:false
    Reputation:unknown
    Preview:L..................F...............xZ.........................................P.O. .:i.....+00.../C:\.....................1......X.}..PROGRA~2.........O.I.X.}....................V......y..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....T.1......X.}..LEADER..>......X.}.X.}.....\........................L.E.A.D.E.R.......L...............-.......K...................C:\Program Files (x86)\LEADER..D.C.o.n.d.u.c.t. .a.n.d. .d.o.c.u.m.e.n.t. .b.e.t.t.e.r. .P.H.A.s.,. .H.A.Z.O.P.s.,. .L.O.P.A.s.,. .a.n.d. .r.e.l.a.t.e.d. .s.t.u.d.i.e.s.,.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.L.E.A.D.E.R.........*................@Z|...K.J.........`.......X.......562258...........hT..CrF.f4... ...............%..hT..CrF.f4... ...............%.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.3.........9...1SPS..mD..pH.H@..=x.....h....H.....K...YM.

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEADER\LEADER User Folder.lnk

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Fri Apr 26 14:46:48 2024, mtime=Fri Apr 26 14:46:50 2024, atime=Fri Apr 26 14:46:50 2024, length=8192, window=hide
    Category:dropped
    Size (bytes):1114
    Entropy (8bit):4.618875375880005
    Encrypted:false
    SSDEEP:
    MD5:F1EEA1B7D26B0733B87A991428FD33F6
    SHA1:B2DC05C33E8B9E98B52666610807FF16B2247572
    SHA-256:E077305BCEF1681D852679FDE0F86BB4B8A4DA214747F3E20AFEDD3A109E6609
    SHA-512:4597CEAA23D3B65CD73630E49CB00E276E2BA0B6DF9D23D7459FE441D8EF3A938C7401461171BD030C55049BF7FA4E6AD1C76D136095E04175EB8A0AE642C719
    Malicious:false
    Reputation:unknown
    Preview:L..................F........(%.....df.....W?...... ...........................P.O. .:i.....+00.../C:\...................x.1.....FW,I..Users.d......OwH.X.}....................:.........U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....|.1.....CW!H..Public..f......O.I.X.}....+...............<.....r.E.P.u.b.l.i.c...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.6.......1......X.}..Documents.l......O.I.X.}....-...............B......%.D.o.c.u.m.e.n.t.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.0.1.....T.1......X.}..LEADER..>......X.}.X.}.............................L.E.A.D.E.R.......O...............-.......N...................C:\Users\Public\Documents\LEADER../.....\.....\.....\.....\.....\.....\.U.s.e.r.s.\.P.u.b.l.i.c.\.D.o.c.u.m.e.n.t.s.\.L.E.A.D.E.R..........................$H...E...ye.64....`.......X.......562258...........hT..CrF.f4... ...............%..hT..CrF.f4... ...............%.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEADER\LEADER.lnk

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Fri Apr 26 14:46:45 2024, mtime=Fri Apr 26 14:46:50 2024, atime=Fri Mar 1 14:42:26 2024, length=3981312, window=hide
    Category:dropped
    Size (bytes):1148
    Entropy (8bit):4.643469599026513
    Encrypted:false
    SSDEEP:
    MD5:A261827232BCC1EEBA8827E589911055
    SHA1:05F2CDDCA85A578628CA3CA86068983D7074B00E
    SHA-256:33036B6D0B26072C14CA1D787677A6538D6972958338D66409EFD4C8082D468B
    SHA-512:D5C9AB65AED39ED37340784B35E46B509ACF549764BC428D57E38422852BB3F4F648CB23020A835AC62BFCFB9E0205856EE36B8246A61A92D61578D505696F92
    Malicious:false
    Reputation:unknown
    Preview:L..................F.... ...#$.....*........]..k....<.....................{....P.O. .:i.....+00.../C:\.....................1......X.}..PROGRA~2.........O.I.X.}....................V......y..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....T.1......X.}..LEADER..>......X.}.X.}.....\........................L.E.A.D.E.R.....`.2...<.aXM} .LEADER.exe..F......X.}.X.}..............................L.E.A.D.E.R...e.x.e.......W...............-.......V...................C:\Program Files (x86)\LEADER\LEADER.exe..D.C.o.n.d.u.c.t. .a.n.d. .d.o.c.u.m.e.n.t. .b.e.t.t.e.r. .P.H.A.s.,. .H.A.Z.O.P.s.,. .L.O.P.A.s.,. .a.n.d. .r.e.l.a.t.e.d. .s.t.u.d.i.e.s.7.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.L.E.A.D.E.R.\.L.E.A.D.E.R...e.x.e.........*................@Z|...K.J.........`.......X.......562258...........hT..CrF.f4... ...............%..hT..CrF.f4... ...............%.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-

    C:\Users\Public\Desktop\LEADER.lnk

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Fri Apr 26 14:46:45 2024, mtime=Fri Apr 26 14:46:45 2024, atime=Fri Mar 1 14:42:26 2024, length=3981312, window=hide
    Category:dropped
    Size (bytes):1130
    Entropy (8bit):4.663146888375859
    Encrypted:false
    SSDEEP:
    MD5:42D24C81D75ECCC13457971234210774
    SHA1:E8B0AB35512B34E317C5E165C2107477E54B6655
    SHA-256:E1130AEB847B1B46FE7A8CDFE8BA43FB5077FE3EA73D0DC77DBBF08EC298AFBD
    SHA-512:58DA31FF94FE5398DE822670C201FE0C58D0411D6DDB48571D5B6CBDA1EE68C9BDFC1FFFFC685D8B8A310DBA763CA01C3E8251F6674F46449FFECFE3FB7B2438
    Malicious:false
    Reputation:unknown
    Preview:L..................F.... ...#$..............]..k....<.....................{....P.O. .:i.....+00.../C:\.....................1......X.}..PROGRA~2.........O.I.X.}....................V......y..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....T.1......X.}..LEADER..>......X.}.X.}.....\........................L.E.A.D.E.R.....`.2...<.aXM} .LEADER.exe..F......X.}.X.}..............................L.E.A.D.E.R...e.x.e.......W...............-.......V...................C:\Program Files (x86)\LEADER\LEADER.exe..D.C.o.n.d.u.c.t. .a.n.d. .d.o.c.u.m.e.n.t. .b.e.t.t.e.r. .P.H.A.s.,. .H.A.Z.O.P.s.,. .L.O.P.A.s.,. .a.n.d. .r.e.l.a.t.e.d. .s.t.u.d.i.e.s.......\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.L.E.A.D.E.R.\.L.E.A.D.E.R...e.x.e.........*................@Z|...K.J.........`.......X.......562258...........hT..CrF.f4... ...............%..hT..CrF.f4... ...............%.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5

    C:\Users\Public\Documents\LEADER\Buncefield BowTie Example.ldr (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:799BB628E22CEE85174FC47D15F57005
    SHA1:03AE747826750F213273A6C08C8C8E6A30823296
    SHA-256:5384872CF6D32DD8A797DFF44D85189828FCF8CDC21EFB1647AD37FBF7CD2A09
    SHA-512:E9EB3462664C6CBE473E4019027C3F166992329F9A54F1D175F7DB399D0353F0FB358C4C969737061610B6ABC3D6A1EB3815E75BE4E574C0D5DF32372C6A88F4
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...N|Q.7...<.(....`.>{6....^.C5..3..y[h.|*..|......N`1;a.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\Chlorine Unloading and Blowdown.ldr (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:5DCFB8205B6C6D5B9C263B2491B930F6
    SHA1:2E1A7EE3772053322EEE8C82DE7F665400512B63
    SHA-256:758F7D2F99709A893D74815948B993D84FA011958CD5D5BCB2AFA9CDC0D61366
    SHA-512:5236B8ACD087D7FDA318FEFBEA9877452E3C95418E8415170A987373DE1079568EF184A79F68D2929C9DD11A950C3D9A70B8340582CE18CD5EEFEB6974CD0DA8
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...N.K.7$.....(.j..`-${6....D.C...3M.y[..|*..|........[Y1.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\Chlorine Unloading and Blowdown.ldr.Change1 (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:81EDDFCE0990F84935A75968FE3386A0
    SHA1:472A8EA6F1EFC20E9510D2EFB1AB7F7E4AD33E1F
    SHA-256:7280CC50F21B660AF217A4B963880368F9F7FFA6F93331FAE25D6664DFF61D44
    SHA-512:C37A984108022C6C7C5108DB59656E2353A078B985DF62DF7BF9F63BDFDC589F2BEFC1C2122A0299FC09B4FFA18A019BBB578E19B6D0BEC7F48A2E80048153AC
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...N.K.7$.....(.j..`-${6....D.C...3M.y[..|*..|........[Y1.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\Chlorine Unloading and Blowdown.ldr.Change2 (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D70D1831A1D0E14607D5E4BA2014D080
    SHA1:74B48C9A311F325265A2ED6232B566C21E0373FE
    SHA-256:30E15623FF6F92A9960E1840AE596CC1BB0D7AA68EF97328A6A86C1588D0C2FE
    SHA-512:09FDC07D44E6254907FF51D614FDAE4B7E2C3B4246050703AA0EC9B2BDC3AA5FF94583270E93527A19182AA0EE7C6D883353E429F88DC324CA093E5B627A8A9F
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...N.K.7$.....(.j..`-${6....D.C...3M.y[..|*..|........[Y1.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\Chlorine Unloading and Blowdown.ldr.Change3 (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:889547940EAA161F59BF0D9B8203816E
    SHA1:0698E6BD77BA47F4CE2ED0C0FB2831BA75BD34EF
    SHA-256:E1908BF9030DF1D24C0403E791C47620172065F0E78662BE1B5F40080EB511D3
    SHA-512:F636907C23432DA80A186EE6DD076B04D1F92DCE53C75A95FA9D2D16B75D97CD31D9CC80D7A770D16AB502E1277220E2673B8DBC0AC10D35C575C0A8603651F9
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...N.K.7$.....(.j..`-${6....D.C...3M.y[..|*..|........[Y1.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\Chlorine Unloading and Blowdown.ldr.Change4 (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:666448A1EA8E722EB145080644D3C6AB
    SHA1:7F50072F0CB4F039ECFE7667B66D496A9F1D3968
    SHA-256:C6B4E9AD0100718B6DD398FC5C4D1B5BFE265B682D1FD2F7188BDBD0384D32B1
    SHA-512:CD691F104D1FAFAADC4AEDF27D37ACF9735460B8526CC73D07BFF3C7B30A6CC33A83FA6C388D8701EB9C86E9176DE774344A45771C43D24AA0F37115E4F4297E
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...N.K.7$.....(.j..`-${6....D.C...3M.y[..|*..|........[Y1.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\D-20-03-F-100-15.PDF (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PDF document, version 1.3, 1 pages
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:E120103B88C828891E2526DFBBC3BB7E
    SHA1:56A3053F77F2674C315876A45787A8378C3F8993
    SHA-256:AFA3A3A623E27DFE09D4E26F74AD541606CF4E4364F39C19312141A3D82D2B92
    SHA-512:D53E9BFA00BF5B0D431BB2175D6BAF794F4DCD2A72434705AD546CB61ADF19E2B9102BBB91B55795002C99D6C46BCD2EE7A41093F00CBAF4034864EA22E2E702
    Malicious:false
    Reputation:unknown
    Preview:%PDF-1.3.%.....1 0 obj.<<./CreationDate (D:20141007145224-04'00')./ModDate (D:20141007145224-04'00')./Creator (Xerox Color 550)./Producer (Xerox Color 550).>>.endobj.23 0 obj.<<./Type /XObject./Subtype /Image./Width 2550./Height 3300./BitsPerComponent 8./ColorSpace /DeviceRGB./Filter /DCTDecode./Length 539707.>>.stream.......JFIF.....,.,.....C................................... $.' ",#..(7),01444.'9=82<.342...C......................"....."*&".."&*-)&"&)-2-))-222-222222222222...C......................"....."*&".."&*-)&"&)-2-))-222-222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.........................................................................

    C:\Users\Public\Documents\LEADER\Dictionary\Custom.dic (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:ISO-8859 text, with CRLF line terminators
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:119AEB45EAC04F79A0BD9F1CD1D465CE
    SHA1:B0AC03E9ACE0C1A799AB4B403A5FD356AEA58098
    SHA-256:7629E0871B451B9DF8ED0D59E0A871871E2665699BC87426F72D0394FBB31E18
    SHA-512:75A984DE5B9984D9CA7548621BA79CC85773CD1676A8A66A17F399BC0914FEE747F75785934826201586A46089361E0CD7D8C142060CBF3B9528D3FFD16D1356
    Malicious:false
    Reputation:unknown
    Preview:condensate..methacrylic..sparge..autostart..backflow..backflowing..backpressure..condensate..diked..exotherm..firefighting..gelation..heatup..ketone..misuserbration..nonroutine..overpressurization..overpressurized..psig..recirculation..sealless..setpoint..setpoints..sparge..thermolene..unchilled..unreacted..xylene..batches..isophthalic..glycol..butadiene..OSBL..styrene..interchanger..hexene..railcar..dehexanizer..sidedraw..isobutane..overfilled..deethanizer..aftercooler..cocatalyst..noncondensibles..antistat..overfilled..antistat..sparger..blowback..flashgas..VOCs..reboiler..startup..spillback..dehexanizer..olefins..coalescer..subcooler..prefilters..eductor..pelletizer..pellitizer..gelcoat..acetaldehyde..acrolein..acrylonitrile..acrylyl..alkylaluminums..allyl..allylamine..arsine..autorefrigeration..blowdown..boltup..bromopropyne..butyl..carbonyl..chloro..chlorodiethylaluminum..chloroformate..chloromethyl..chloropicrin..cooldown..cumene..cyanogen..cyanuric..deadlegs..diacetyl..diazometh

    C:\Users\Public\Documents\LEADER\Dictionary\~GLH0074.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:ISO-8859 text, with CRLF line terminators
    Category:dropped
    Size (bytes):2238
    Entropy (8bit):4.344952910595728
    Encrypted:false
    SSDEEP:
    MD5:119AEB45EAC04F79A0BD9F1CD1D465CE
    SHA1:B0AC03E9ACE0C1A799AB4B403A5FD356AEA58098
    SHA-256:7629E0871B451B9DF8ED0D59E0A871871E2665699BC87426F72D0394FBB31E18
    SHA-512:75A984DE5B9984D9CA7548621BA79CC85773CD1676A8A66A17F399BC0914FEE747F75785934826201586A46089361E0CD7D8C142060CBF3B9528D3FFD16D1356
    Malicious:false
    Reputation:unknown
    Preview:condensate..methacrylic..sparge..autostart..backflow..backflowing..backpressure..condensate..diked..exotherm..firefighting..gelation..heatup..ketone..misuserbration..nonroutine..overpressurization..overpressurized..psig..recirculation..sealless..setpoint..setpoints..sparge..thermolene..unchilled..unreacted..xylene..batches..isophthalic..glycol..butadiene..OSBL..styrene..interchanger..hexene..railcar..dehexanizer..sidedraw..isobutane..overfilled..deethanizer..aftercooler..cocatalyst..noncondensibles..antistat..overfilled..antistat..sparger..blowback..flashgas..VOCs..reboiler..startup..spillback..dehexanizer..olefins..coalescer..subcooler..prefilters..eductor..pelletizer..pellitizer..gelcoat..acetaldehyde..acrolein..acrylonitrile..acrylyl..alkylaluminums..allyl..allylamine..arsine..autorefrigeration..blowdown..boltup..bromopropyne..butyl..carbonyl..chloro..chlorodiethylaluminum..chloroformate..chloromethyl..chloropicrin..cooldown..cumene..cyanogen..cyanuric..deadlegs..diacetyl..diazometh

    C:\Users\Public\Documents\LEADER\Example 3-dimensional risk scoring.ldr (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:55712D1DDAC71549B35D791BD09DAD16
    SHA1:5E4D39E5158850BEBA11CD9E70CD7154D5276534
    SHA-256:C26B4124A48383703534FD71830FBC8758E69D81D0DB6B0FCD198753F6506A48
    SHA-512:6339C20808FC582E651D9FDFCF6B76D99072E67F994690AB6E0FD9E44F207BC44319403C76370E4B7E77977CED20470453F7D1321216E86FDB5F5D80070A19CE
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...NHQ.7.....(....`.>{6;...^.C...3..y[\.|*..|.......U{.g.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\Example FMEA.ldr (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:8463FF69A1016AE771514B174985374A
    SHA1:EB8AA33C0C258B1D30338D10E80EBDABF8F46EB8
    SHA-256:86B606CBEBF32906730731B893DB4AF92D90F20102951284098F6A5F9F9CAC83
    SHA-512:FC66EE813795531EAB67847A65A12F2B59FF4B171B6DD3AB9DFA45E74B3A6C394267CFBF9C49F91EC3AFDB0CB9787B2FF006EA79AD660919457FD959B6ED51D5
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...NEQ.7.....(....`.>{66...^.C...3..y[Q.|*..|.......vB.f.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\Example Hazard Review.ldr (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:CB850B9B667717418E50F107D069C1DC
    SHA1:4EC5660563ACA3E86CAC7B87CB4E2B2DF074E079
    SHA-256:335309271DB59C8BA8A59670A3C89B69D800E2F7BCCC8E1E03743F628F03AAC3
    SHA-512:A37E67474FA69E72E5B307AB0F05F4E5FA9740E218A6FD243591F4DA41F5D5B71152B1CD86BE750A933F7AA0C48A72054B98721C9E141FDA19AFB45CE102E7D9
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...NEQ.7.....(....`.>{66...^.C...3..y[Q.|*..|........G.f.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\Example Procedure Writing Worksheet.ldr (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:3DEB7E047F3EBFE584EC43FADBB378E9
    SHA1:6A2E380C77A2AB5178C49DE8017DC830FC11DFC3
    SHA-256:B5DA024B0764A5795657F17A695CBA7F4AE0F23CC597310B53A848069B91E342
    SHA-512:D38112450C5D065C25CA65A5838E40D7F2F15936E780632B24CF45E3D83C84D180DE91EFB69854394F4275CEE1534F1EF3CC11A2804255BCF65A3E8BE7619C9B
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...NEQ.7.....(....`.>{66...^.C...3..y[Q.|*..|.......?O.f.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\HAZID-Bowtie Example.ldr (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:BA8036E31F4752BB8762AA26A5C2FBB8
    SHA1:0ABB03488DDE0D1DC1634BE95D57E658C964BC0D
    SHA-256:D7C1D8E6C84E14AE17AEC3928B983921D48E84E4DDA043D3B337537277FBDAA2
    SHA-512:FC92964577626669FC100DD73FE3710836A1EBEF1FC9EC6668D2D7AFC6FF5C487AFDAF179DE9B55E4BEB7A5297E2BD56CECEDB7566923CEDA076EB5DF57CC795
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...NIQ.7.....(....`.>{6:...^.C...3..y[].|*..|.....^1..g.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\Isostripper.ldr (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:7E58C01717886AB758F865B165017A8C
    SHA1:72D3044647FE2FB15F4511DA89249963413E073B
    SHA-256:178D16271FC299224EA72475A796B4A79BA7084D2384135E354C4AB2EC64CB88
    SHA-512:CE906F2F0883078F8BA8BB803BB3FFB5AC3F7991793782767C437EB1FA3FECA75E54FD70C9C33C68FB6D791C74D7E2A6141A36B7531C1770A171CACC3BA15204
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...NEQ.7.....(....`.>{66...^.C...3..y[Q.|*..|....... t.f.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\ProgramUseLog.txt

    Download File
    Process:C:\Program Files (x86)\LEADER\LEADER.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):128
    Entropy (8bit):4.548534836718838
    Encrypted:false
    SSDEEP:
    MD5:D36A60AA25EA2B22ED0087A77C1EF119
    SHA1:612E61FA7EA9C63A95BA6CA414DD35367D280589
    SHA-256:E3875C58B53EE0A5D99CA9642124F77BC9E33523EEA87B02C2740A3FE04DF604
    SHA-512:75AC50A1B6A47A5D386DF63E42CF24F4F70244760FB663B5EB182E7C94618CE1AC48572C69D15C0971AB1B2C8CC5C9EBF054EA6B29B48DA4DBBFDDD3289DD61B
    Malicious:false
    Reputation:unknown
    Preview:26/04/2024 17:47:03 LEADER 2024.3.1 OPENED on 562258 by user...26/04/2024 17:47:11 LEADER 2024.3.1 OPENED on 562258 by user...

    C:\Users\Public\Documents\LEADER\PublishSettings\Causes only.txt (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:HTML document, ASCII text, with very long lines (20006), with CRLF line terminators
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:3036092A020058F14A4A09225A12F1E1
    SHA1:A8BF30C5D3640EB3976A9D708F70472DE45394A9
    SHA-256:F63BBB17DB5F50C8F40A1320AAF10A89BA61ACABD417EA5D097DD3E3B045CD79
    SHA-512:21D50031477C5829318012C8AFD8EA066BBD88CCA5F4A3EB93D839E8B79B5A863E338CFF011338B0C5FFB3B232B2996CB3C4B6CF5399A207CD012A66FCF40A53
    Malicious:false
    Reputation:unknown
    Preview:<PropertyBag><cWorksheet><cWSReportSettings name="WSReportSettings"><cHeader name="SectionHeader"><Style>SectionHeader</Style><FieldNameStyle>SHFieldName</FieldNameStyle><RowCount>1</RowCount><cRow name="Row1"><ColCount>5</ColCount><cCol name="Col1"><TableName>Project</TableName><FieldName>Company</FieldName><CustomTitle>Company</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>True</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequence>0</Sequence><LayoutFieldName></LayoutFieldName><Key></Key></cCol><cCol name="Col2"><TableName>Project</TableName><FieldName>Plant</FieldName><CustomTitle>Plant</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>True</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequ

    C:\Users\Public\Documents\LEADER\PublishSettings\Checklist Topics,Detailed Questions,Responses,ActionNum,RepeatingHdr.txt (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:HTML document, ASCII text, with very long lines (22296), with CRLF line terminators
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:E7E9209087483ECB4A37D5317C80FCE1
    SHA1:1CF8548B88F05758070305B2B3AEE7982FAC0FDE
    SHA-256:82D46A501BC6F5FC185D29D99E0768E9D4D553B85761C4AC286266003B84EBBE
    SHA-512:2CA2613AF34F68B7F4BD842E50F7A71D6801310B1B7DBCBB67EFA3D6994A5134C95B500F0E501DFFDA5F8FA4FB906FF4DB68583761E7621F0B25C09D3716E087
    Malicious:false
    Reputation:unknown
    Preview:<PropertyBag><cWorksheet><cWSReportSettings name="WSReportSettings"><cHeader name="SectionHeader"><Style>SectionHeader</Style><FieldNameStyle>SHFieldName</FieldNameStyle><RowCount>3</RowCount><cRow name="Row1"><ColCount>5</ColCount><cCol name="Col1"><TableName>Project</TableName><FieldName>Company</FieldName><CustomTitle>Company</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>True</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequence>0</Sequence><LayoutFieldName></LayoutFieldName><Key></Key></cCol><cCol name="Col2"><TableName>Project</TableName><FieldName>Plant</FieldName><CustomTitle>Plant</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>True</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequ

    C:\Users\Public\Documents\LEADER\PublishSettings\Checklist Topics,Responses,ActionNum,RepeatingHdr.txt (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:HTML document, ASCII text, with very long lines (22680), with CRLF line terminators
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:1F22F5604AD662B070AA56C00FE4D284
    SHA1:D4CCD447FB7132F1B9CF107C74B20851E32422F9
    SHA-256:F830CC4C795748F07E20024532CBE083293D65AB224A4DEF4520A9659DFB5A40
    SHA-512:EF0CA53E5CAB05ED2F400595D8DD75EE5E013D261A84BBE91AAC4FB4634166ACBD104BD0AE3740EB6E824F8166D693DA401296785160E2568416ACF9BFE16E8A
    Malicious:false
    Reputation:unknown
    Preview:<PropertyBag><cWorksheet><cWSReportSettings name="WSReportSettings"><cHeader name="SectionHeader"><Style>SectionHeader</Style><FieldNameStyle>SHFieldName</FieldNameStyle><RowCount>4</RowCount><cRow name="Row1"><ColCount>5</ColCount><cCol name="Col1"><TableName>Project</TableName><FieldName>Company</FieldName><CustomTitle>Company</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>False</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequence>0</Sequence><LayoutFieldName></LayoutFieldName><Key></Key></cCol><cCol name="Col2"><TableName>Project</TableName><FieldName>Plant</FieldName><CustomTitle>Plant</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>False</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Se

    C:\Users\Public\Documents\LEADER\PublishSettings\Dev,Cause,Conseq,MatrixSLR,Sfg,ActionTypeNoText,R-Hdr.txt (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:HTML document, ASCII text, with very long lines (23217), with CRLF line terminators
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:1CAD9A733F13F60DDF0D68DD805FF50F
    SHA1:F6E271556984C368B14B569643B161FC1A752AC8
    SHA-256:EABC32423AB836E78EC8FC64A86C6599343F81F6C37752931B72DF4F51C0C333
    SHA-512:00D1ADC88FBC21DF75A5044012D9A2F6AA0A10E4E09A83811E2ED44D9C83735EE7B1F8CFBA4FCE4F477831437F6A59D2735EA6036ACEB03E69586E03D229DA90
    Malicious:false
    Reputation:unknown
    Preview:<PropertyBag><cWorksheet><cWSReportSettings name="WSReportSettings"><cHeader name="SectionHeader"><Style>SectionHeader</Style><FieldNameStyle>SHFieldName</FieldNameStyle><RowCount>4</RowCount><cRow name="Row1"><ColCount>5</ColCount><cCol name="Col1"><TableName>Project</TableName><FieldName>Company</FieldName><CustomTitle>Company</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>False</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequence>0</Sequence><LayoutFieldName></LayoutFieldName><Key></Key></cCol><cCol name="Col2"><TableName>Project</TableName><FieldName>Plant</FieldName><CustomTitle>Plant</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>False</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Se

    C:\Users\Public\Documents\LEADER\PublishSettings\Dev,Cause,Conseq,MatrixUnmitSLR,Sfg,MitSLR,ActionTypeNo,ProjSLR,S-Hdr,R-Hdr.txt (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:HTML document, ASCII text, with very long lines (23719), with CRLF line terminators
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:8339C7CEB1B6C494A8DCBAFA2EFA305F
    SHA1:063AB724446618D25B6C07275C753850CEA05728
    SHA-256:439B7BB441B7533452F3E75AB22AD37A9590772F54A5779935F3EA7F861EC389
    SHA-512:B123EF745EC340C8B5BFF5C65F502C86FC5BED7DDC533289A723A2614899D66FC19C850E6F3B9A4C6D55EC2C0BB7CDAB40B3F3AAD7149D40BA4662390FCC4C26
    Malicious:false
    Reputation:unknown
    Preview:<PropertyBag><cWorksheet><cWSReportSettings name="WSReportSettings"><cHeader name="SectionHeader"><Style>SectionHeader</Style><FieldNameStyle>SHFieldName</FieldNameStyle><RowCount>4</RowCount><cRow name="Row1"><ColCount>5</ColCount><cCol name="Col1"><TableName>Project</TableName><FieldName>Company</FieldName><CustomTitle>Company</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>True</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequence>0</Sequence><LayoutFieldName></LayoutFieldName><Key></Key></cCol><cCol name="Col2"><TableName>Project</TableName><FieldName>Plant</FieldName><CustomTitle>Plant</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>True</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequ

    C:\Users\Public\Documents\LEADER\PublishSettings\Dev,Cause,Conseq,SLR,Sfg,RecNoText,R-Hdr.txt (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:HTML document, ASCII text, with very long lines (23137), with CRLF line terminators
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:A68A0AACC9437006B70B1774986A558B
    SHA1:E7A6849C8CDEC06F14F4BF0F82B4AEE0C2D714EC
    SHA-256:F3AE220D6F98353783941BB242C3C59A0E7C80DE6BCA247303DB730BFA2E1C0E
    SHA-512:8352AD1E2929909833CEA7CA7CA31607AC13AA1AE468F521F70F173C8A10E6D1FF100D17A5D3BFDC9AFE8B318B70AB65BA08DB78A27C730E9EF7A09157A154AD
    Malicious:false
    Reputation:unknown
    Preview:<PropertyBag><cWorksheet><cWSReportSettings name="WSReportSettings"><cHeader name="SectionHeader"><Style>SectionHeader</Style><FieldNameStyle>SHFieldName</FieldNameStyle><RowCount>4</RowCount><cRow name="Row1"><ColCount>5</ColCount><cCol name="Col1"><TableName>Project</TableName><FieldName>Company</FieldName><CustomTitle>Company</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>False</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequence>0</Sequence><LayoutFieldName></LayoutFieldName><Key></Key></cCol><cCol name="Col2"><TableName>Project</TableName><FieldName>Plant</FieldName><CustomTitle>Plant</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>False</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Se

    C:\Users\Public\Documents\LEADER\PublishSettings\Dev,Cause,Conseq,Sfg,ActionTypeNo,R-Hdr.txt (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:HTML document, ASCII text, with very long lines (23653), with CRLF line terminators
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:2387304960B4CB5E89C6E4A4C83E529A
    SHA1:8DDC570B8418F81CB8A015C31619E293D224A3C1
    SHA-256:8631E8B8CECD2F269387BA097D602FFF90521B2866714EFAEFFDA671B022F313
    SHA-512:EF434D16E7B22E1ECE28DD0813BBDC1DD6FF6C4BB3C7E4F2CC5E58E87EEE574A056C0EDDE74C6C9F6119E3267301DC542BA91785313B83D5D35937A23E6CEF23
    Malicious:false
    Reputation:unknown
    Preview:<PropertyBag><cWorksheet><cWSReportSettings name="WSReportSettings"><cHeader name="SectionHeader"><Style>SectionHeader</Style><FieldNameStyle>SHFieldName</FieldNameStyle><RowCount>5</RowCount><cRow name="Row1"><ColCount>5</ColCount><cCol name="Col1"><TableName>Project</TableName><FieldName>Company</FieldName><CustomTitle>Company</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>True</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequence>0</Sequence><LayoutFieldName></LayoutFieldName><Key></Key></cCol><cCol name="Col2"><TableName>Project</TableName><FieldName>Plant</FieldName><CustomTitle>Plant</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>True</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequ

    C:\Users\Public\Documents\LEADER\PublishSettings\Dev,Cause,Conseq,Sfg,MatrixSLR,ActionTypeNoTextResp,S-Hdr,R-Hdr.txt (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:HTML document, ASCII text, with very long lines (22908), with CRLF line terminators
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:019E77E8D7DE8C0DAB12FA8D89090A50
    SHA1:AC162686E48A10D739FF537ADAD162A0E022FC5C
    SHA-256:FD0AE826EADF2F600C0000DEFC9B07D91E52D7C19F661E3EF1BBFD3BFBEBD2E3
    SHA-512:9976879ED67976A3B3804E91A47B0EA4A7C506486DEB3FD94D4F1894B09137189752C9B73B1FFD312F17291D32671AB87D99905917BD6F0E658D8E4079D4B5A9
    Malicious:false
    Reputation:unknown
    Preview:<PropertyBag><cWorksheet><cWSReportSettings name="WSReportSettings"><cHeader name="SectionHeader"><Style>SectionHeader</Style><FieldNameStyle>SHFieldName</FieldNameStyle><RowCount>3</RowCount><cRow name="Row1"><ColCount>5</ColCount><cCol name="Col1"><TableName>Project</TableName><FieldName>Company</FieldName><CustomTitle>Company</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>False</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequence>0</Sequence><LayoutFieldName></LayoutFieldName><Key></Key></cCol><cCol name="Col2"><TableName>Project</TableName><FieldName>Plant</FieldName><CustomTitle>Plant</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>True</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Seq

    C:\Users\Public\Documents\LEADER\PublishSettings\Dev,Cause,Conseq,Sfg,RecNoText,R-Hdr.txt (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:HTML document, ASCII text, with very long lines (24033), with CRLF line terminators
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:6A48A951856AC8F8F9E1B5659A45E4DE
    SHA1:215605C06CD363FA1D98F49AAD33348362D2F70F
    SHA-256:1515B9BB6A267B8A78ED1479D2A193697630B8E9E7C320F9E4CE661ED0E90202
    SHA-512:55B923DDDE6C85468472AEABA723429414D6CC903CCCFFBC34008D68184469C7E2BA92DD05F990B70B00ACF7583E0DB63FA6BD414B06410F90A52EEFB395F3B8
    Malicious:false
    Reputation:unknown
    Preview:<PropertyBag><cWorksheet><cWSReportSettings name="WSReportSettings"><cHeader name="SectionHeader"><Style>SectionHeader</Style><FieldNameStyle>SHFieldName</FieldNameStyle><RowCount>5</RowCount><cRow name="Row1"><ColCount>5</ColCount><cCol name="Col1"><TableName>Project</TableName><FieldName>Company</FieldName><CustomTitle>Company</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>True</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequence>0</Sequence><LayoutFieldName></LayoutFieldName><Key></Key></cCol><cCol name="Col2"><TableName>Project</TableName><FieldName>Plant</FieldName><CustomTitle>Plant</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>True</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequ

    C:\Users\Public\Documents\LEADER\PublishSettings\Dev,Cause,Conseq,UnmitSLR,Sfg,ActionTypeNoText,R-Hdr.txt (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:HTML document, ASCII text, with very long lines (23217), with CRLF line terminators
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:0F0F8948E78C2B2F5DF496DA2A0532C9
    SHA1:2B8D7DC39FE13477E85422BF834FDF2BACA41042
    SHA-256:FF14CBACE0BA25FF37026B50470DEF2B94D4D1A97F389067E9A9B313AB8BFF2D
    SHA-512:AA3FBEDED158F18661D00DC94939BC1E7030CB24976488B25D49CFD28FDA0492906D4A4FB4415886768EE004522402212219ECD88CF310501BC1B50CD76215F2
    Malicious:false
    Reputation:unknown
    Preview:<PropertyBag><cWorksheet><cWSReportSettings name="WSReportSettings"><cHeader name="SectionHeader"><Style>SectionHeader</Style><FieldNameStyle>SHFieldName</FieldNameStyle><RowCount>4</RowCount><cRow name="Row1"><ColCount>5</ColCount><cCol name="Col1"><TableName>Project</TableName><FieldName>Company</FieldName><CustomTitle>Company</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>False</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequence>0</Sequence><LayoutFieldName></LayoutFieldName><Key></Key></cCol><cCol name="Col2"><TableName>Project</TableName><FieldName>Plant</FieldName><CustomTitle>Plant</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>False</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Se

    C:\Users\Public\Documents\LEADER\PublishSettings\~GLH0080.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:HTML document, ASCII text, with very long lines (20006), with CRLF line terminators
    Category:dropped
    Size (bytes):20008
    Entropy (8bit):4.822942637652728
    Encrypted:false
    SSDEEP:
    MD5:3036092A020058F14A4A09225A12F1E1
    SHA1:A8BF30C5D3640EB3976A9D708F70472DE45394A9
    SHA-256:F63BBB17DB5F50C8F40A1320AAF10A89BA61ACABD417EA5D097DD3E3B045CD79
    SHA-512:21D50031477C5829318012C8AFD8EA066BBD88CCA5F4A3EB93D839E8B79B5A863E338CFF011338B0C5FFB3B232B2996CB3C4B6CF5399A207CD012A66FCF40A53
    Malicious:false
    Reputation:unknown
    Preview:<PropertyBag><cWorksheet><cWSReportSettings name="WSReportSettings"><cHeader name="SectionHeader"><Style>SectionHeader</Style><FieldNameStyle>SHFieldName</FieldNameStyle><RowCount>1</RowCount><cRow name="Row1"><ColCount>5</ColCount><cCol name="Col1"><TableName>Project</TableName><FieldName>Company</FieldName><CustomTitle>Company</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>True</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequence>0</Sequence><LayoutFieldName></LayoutFieldName><Key></Key></cCol><cCol name="Col2"><TableName>Project</TableName><FieldName>Plant</FieldName><CustomTitle>Plant</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>True</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequ

    C:\Users\Public\Documents\LEADER\PublishSettings\~GLH0081.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:HTML document, ASCII text, with very long lines (22296), with CRLF line terminators
    Category:dropped
    Size (bytes):22298
    Entropy (8bit):4.8182315946153285
    Encrypted:false
    SSDEEP:
    MD5:E7E9209087483ECB4A37D5317C80FCE1
    SHA1:1CF8548B88F05758070305B2B3AEE7982FAC0FDE
    SHA-256:82D46A501BC6F5FC185D29D99E0768E9D4D553B85761C4AC286266003B84EBBE
    SHA-512:2CA2613AF34F68B7F4BD842E50F7A71D6801310B1B7DBCBB67EFA3D6994A5134C95B500F0E501DFFDA5F8FA4FB906FF4DB68583761E7621F0B25C09D3716E087
    Malicious:false
    Reputation:unknown
    Preview:<PropertyBag><cWorksheet><cWSReportSettings name="WSReportSettings"><cHeader name="SectionHeader"><Style>SectionHeader</Style><FieldNameStyle>SHFieldName</FieldNameStyle><RowCount>3</RowCount><cRow name="Row1"><ColCount>5</ColCount><cCol name="Col1"><TableName>Project</TableName><FieldName>Company</FieldName><CustomTitle>Company</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>True</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequence>0</Sequence><LayoutFieldName></LayoutFieldName><Key></Key></cCol><cCol name="Col2"><TableName>Project</TableName><FieldName>Plant</FieldName><CustomTitle>Plant</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>True</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequ

    C:\Users\Public\Documents\LEADER\PublishSettings\~GLH0082.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:HTML document, ASCII text, with very long lines (22680), with CRLF line terminators
    Category:dropped
    Size (bytes):22682
    Entropy (8bit):4.813081562321656
    Encrypted:false
    SSDEEP:
    MD5:1F22F5604AD662B070AA56C00FE4D284
    SHA1:D4CCD447FB7132F1B9CF107C74B20851E32422F9
    SHA-256:F830CC4C795748F07E20024532CBE083293D65AB224A4DEF4520A9659DFB5A40
    SHA-512:EF0CA53E5CAB05ED2F400595D8DD75EE5E013D261A84BBE91AAC4FB4634166ACBD104BD0AE3740EB6E824F8166D693DA401296785160E2568416ACF9BFE16E8A
    Malicious:false
    Reputation:unknown
    Preview:<PropertyBag><cWorksheet><cWSReportSettings name="WSReportSettings"><cHeader name="SectionHeader"><Style>SectionHeader</Style><FieldNameStyle>SHFieldName</FieldNameStyle><RowCount>4</RowCount><cRow name="Row1"><ColCount>5</ColCount><cCol name="Col1"><TableName>Project</TableName><FieldName>Company</FieldName><CustomTitle>Company</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>False</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequence>0</Sequence><LayoutFieldName></LayoutFieldName><Key></Key></cCol><cCol name="Col2"><TableName>Project</TableName><FieldName>Plant</FieldName><CustomTitle>Plant</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>False</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Se

    C:\Users\Public\Documents\LEADER\PublishSettings\~GLH0084.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:HTML document, ASCII text, with very long lines (23217), with CRLF line terminators
    Category:dropped
    Size (bytes):23219
    Entropy (8bit):4.816545844974567
    Encrypted:false
    SSDEEP:
    MD5:1CAD9A733F13F60DDF0D68DD805FF50F
    SHA1:F6E271556984C368B14B569643B161FC1A752AC8
    SHA-256:EABC32423AB836E78EC8FC64A86C6599343F81F6C37752931B72DF4F51C0C333
    SHA-512:00D1ADC88FBC21DF75A5044012D9A2F6AA0A10E4E09A83811E2ED44D9C83735EE7B1F8CFBA4FCE4F477831437F6A59D2735EA6036ACEB03E69586E03D229DA90
    Malicious:false
    Reputation:unknown
    Preview:<PropertyBag><cWorksheet><cWSReportSettings name="WSReportSettings"><cHeader name="SectionHeader"><Style>SectionHeader</Style><FieldNameStyle>SHFieldName</FieldNameStyle><RowCount>4</RowCount><cRow name="Row1"><ColCount>5</ColCount><cCol name="Col1"><TableName>Project</TableName><FieldName>Company</FieldName><CustomTitle>Company</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>False</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequence>0</Sequence><LayoutFieldName></LayoutFieldName><Key></Key></cCol><cCol name="Col2"><TableName>Project</TableName><FieldName>Plant</FieldName><CustomTitle>Plant</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>False</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Se

    C:\Users\Public\Documents\LEADER\PublishSettings\~GLH0085.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:HTML document, ASCII text, with very long lines (23719), with CRLF line terminators
    Category:dropped
    Size (bytes):23721
    Entropy (8bit):4.8196958195404145
    Encrypted:false
    SSDEEP:
    MD5:8339C7CEB1B6C494A8DCBAFA2EFA305F
    SHA1:063AB724446618D25B6C07275C753850CEA05728
    SHA-256:439B7BB441B7533452F3E75AB22AD37A9590772F54A5779935F3EA7F861EC389
    SHA-512:B123EF745EC340C8B5BFF5C65F502C86FC5BED7DDC533289A723A2614899D66FC19C850E6F3B9A4C6D55EC2C0BB7CDAB40B3F3AAD7149D40BA4662390FCC4C26
    Malicious:false
    Reputation:unknown
    Preview:<PropertyBag><cWorksheet><cWSReportSettings name="WSReportSettings"><cHeader name="SectionHeader"><Style>SectionHeader</Style><FieldNameStyle>SHFieldName</FieldNameStyle><RowCount>4</RowCount><cRow name="Row1"><ColCount>5</ColCount><cCol name="Col1"><TableName>Project</TableName><FieldName>Company</FieldName><CustomTitle>Company</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>True</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequence>0</Sequence><LayoutFieldName></LayoutFieldName><Key></Key></cCol><cCol name="Col2"><TableName>Project</TableName><FieldName>Plant</FieldName><CustomTitle>Plant</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>True</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequ

    C:\Users\Public\Documents\LEADER\PublishSettings\~GLH0086.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:HTML document, ASCII text, with very long lines (23653), with CRLF line terminators
    Category:dropped
    Size (bytes):23655
    Entropy (8bit):4.8166125902858665
    Encrypted:false
    SSDEEP:
    MD5:2387304960B4CB5E89C6E4A4C83E529A
    SHA1:8DDC570B8418F81CB8A015C31619E293D224A3C1
    SHA-256:8631E8B8CECD2F269387BA097D602FFF90521B2866714EFAEFFDA671B022F313
    SHA-512:EF434D16E7B22E1ECE28DD0813BBDC1DD6FF6C4BB3C7E4F2CC5E58E87EEE574A056C0EDDE74C6C9F6119E3267301DC542BA91785313B83D5D35937A23E6CEF23
    Malicious:false
    Reputation:unknown
    Preview:<PropertyBag><cWorksheet><cWSReportSettings name="WSReportSettings"><cHeader name="SectionHeader"><Style>SectionHeader</Style><FieldNameStyle>SHFieldName</FieldNameStyle><RowCount>5</RowCount><cRow name="Row1"><ColCount>5</ColCount><cCol name="Col1"><TableName>Project</TableName><FieldName>Company</FieldName><CustomTitle>Company</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>True</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequence>0</Sequence><LayoutFieldName></LayoutFieldName><Key></Key></cCol><cCol name="Col2"><TableName>Project</TableName><FieldName>Plant</FieldName><CustomTitle>Plant</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>True</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequ

    C:\Users\Public\Documents\LEADER\PublishSettings\~GLH0087.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:HTML document, ASCII text, with very long lines (22908), with CRLF line terminators
    Category:dropped
    Size (bytes):22910
    Entropy (8bit):4.823443427551304
    Encrypted:false
    SSDEEP:
    MD5:019E77E8D7DE8C0DAB12FA8D89090A50
    SHA1:AC162686E48A10D739FF537ADAD162A0E022FC5C
    SHA-256:FD0AE826EADF2F600C0000DEFC9B07D91E52D7C19F661E3EF1BBFD3BFBEBD2E3
    SHA-512:9976879ED67976A3B3804E91A47B0EA4A7C506486DEB3FD94D4F1894B09137189752C9B73B1FFD312F17291D32671AB87D99905917BD6F0E658D8E4079D4B5A9
    Malicious:false
    Reputation:unknown
    Preview:<PropertyBag><cWorksheet><cWSReportSettings name="WSReportSettings"><cHeader name="SectionHeader"><Style>SectionHeader</Style><FieldNameStyle>SHFieldName</FieldNameStyle><RowCount>3</RowCount><cRow name="Row1"><ColCount>5</ColCount><cCol name="Col1"><TableName>Project</TableName><FieldName>Company</FieldName><CustomTitle>Company</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>False</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequence>0</Sequence><LayoutFieldName></LayoutFieldName><Key></Key></cCol><cCol name="Col2"><TableName>Project</TableName><FieldName>Plant</FieldName><CustomTitle>Plant</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>True</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Seq

    C:\Users\Public\Documents\LEADER\PublishSettings\~GLH0088.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:HTML document, ASCII text, with very long lines (24033), with CRLF line terminators
    Category:dropped
    Size (bytes):24035
    Entropy (8bit):4.8111372426784165
    Encrypted:false
    SSDEEP:
    MD5:6A48A951856AC8F8F9E1B5659A45E4DE
    SHA1:215605C06CD363FA1D98F49AAD33348362D2F70F
    SHA-256:1515B9BB6A267B8A78ED1479D2A193697630B8E9E7C320F9E4CE661ED0E90202
    SHA-512:55B923DDDE6C85468472AEABA723429414D6CC903CCCFFBC34008D68184469C7E2BA92DD05F990B70B00ACF7583E0DB63FA6BD414B06410F90A52EEFB395F3B8
    Malicious:false
    Reputation:unknown
    Preview:<PropertyBag><cWorksheet><cWSReportSettings name="WSReportSettings"><cHeader name="SectionHeader"><Style>SectionHeader</Style><FieldNameStyle>SHFieldName</FieldNameStyle><RowCount>5</RowCount><cRow name="Row1"><ColCount>5</ColCount><cCol name="Col1"><TableName>Project</TableName><FieldName>Company</FieldName><CustomTitle>Company</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>True</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequence>0</Sequence><LayoutFieldName></LayoutFieldName><Key></Key></cCol><cCol name="Col2"><TableName>Project</TableName><FieldName>Plant</FieldName><CustomTitle>Plant</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>True</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequ

    C:\Users\Public\Documents\LEADER\PublishSettings\~GLH0089.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:HTML document, ASCII text, with very long lines (23137), with CRLF line terminators
    Category:dropped
    Size (bytes):23139
    Entropy (8bit):4.813038462723673
    Encrypted:false
    SSDEEP:
    MD5:A68A0AACC9437006B70B1774986A558B
    SHA1:E7A6849C8CDEC06F14F4BF0F82B4AEE0C2D714EC
    SHA-256:F3AE220D6F98353783941BB242C3C59A0E7C80DE6BCA247303DB730BFA2E1C0E
    SHA-512:8352AD1E2929909833CEA7CA7CA31607AC13AA1AE468F521F70F173C8A10E6D1FF100D17A5D3BFDC9AFE8B318B70AB65BA08DB78A27C730E9EF7A09157A154AD
    Malicious:false
    Reputation:unknown
    Preview:<PropertyBag><cWorksheet><cWSReportSettings name="WSReportSettings"><cHeader name="SectionHeader"><Style>SectionHeader</Style><FieldNameStyle>SHFieldName</FieldNameStyle><RowCount>4</RowCount><cRow name="Row1"><ColCount>5</ColCount><cCol name="Col1"><TableName>Project</TableName><FieldName>Company</FieldName><CustomTitle>Company</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>False</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequence>0</Sequence><LayoutFieldName></LayoutFieldName><Key></Key></cCol><cCol name="Col2"><TableName>Project</TableName><FieldName>Plant</FieldName><CustomTitle>Plant</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>False</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Se

    C:\Users\Public\Documents\LEADER\PublishSettings\~GLH008a.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:HTML document, ASCII text, with very long lines (23217), with CRLF line terminators
    Category:dropped
    Size (bytes):23219
    Entropy (8bit):4.816667855043304
    Encrypted:false
    SSDEEP:
    MD5:0F0F8948E78C2B2F5DF496DA2A0532C9
    SHA1:2B8D7DC39FE13477E85422BF834FDF2BACA41042
    SHA-256:FF14CBACE0BA25FF37026B50470DEF2B94D4D1A97F389067E9A9B313AB8BFF2D
    SHA-512:AA3FBEDED158F18661D00DC94939BC1E7030CB24976488B25D49CFD28FDA0492906D4A4FB4415886768EE004522402212219ECD88CF310501BC1B50CD76215F2
    Malicious:false
    Reputation:unknown
    Preview:<PropertyBag><cWorksheet><cWSReportSettings name="WSReportSettings"><cHeader name="SectionHeader"><Style>SectionHeader</Style><FieldNameStyle>SHFieldName</FieldNameStyle><RowCount>4</RowCount><cRow name="Row1"><ColCount>5</ColCount><cCol name="Col1"><TableName>Project</TableName><FieldName>Company</FieldName><CustomTitle>Company</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>False</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Sequence>0</Sequence><LayoutFieldName></LayoutFieldName><Key></Key></cCol><cCol name="Col2"><TableName>Project</TableName><FieldName>Plant</FieldName><CustomTitle>Plant</CustomTitle><ColWidth>1</ColWidth><UseTerm>False</UseTerm><RecordsetName></RecordsetName><CustomDataStyle></CustomDataStyle><TitleDelimiter></TitleDelimiter><ShowFieldName>False</ShowFieldName><Visible>False</Visible><ShowNumber>False</ShowNumber><Se

    C:\Users\Public\Documents\LEADER\Templates\Custom LOPA Report Template.dotx (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Word 2007+
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:0EBBF0580CB5287295AB679CE4975267
    SHA1:B9654508ADBBD98DD7EE6F71A15C8B4140F535AC
    SHA-256:B6B9C012C59478063B6FEFC1B9B95BC3456872D205D80AE838F365D0E26F8FED
    SHA-512:1CFF32912315FEDC25A68E0BA9038A5C246C7082A746417532593D071D6EACC38B39A13676992C16757EE823A6041D86DE2091CBD08F2C5D8C66C0B18564D3C8
    Malicious:false
    Reputation:unknown
    Preview:PK..........!.........()......[Content_Types].xml ...(....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ZM..0..W...r..l.n....~.[.R.W.L m.!......1.j..\v4..X{.{3......h.;0.Vr.^.'i..Pe-......&M...0Kw`....W..N.M|...t...-6 ..+..T....G.f.....X6.\.BI..\........%_...;%.5...S7...h....h...>..Z7u...gw.|.l.T.}.~......N0.#..B.w_NS..,.q...2%+U..>r.<..........M.U..~.D3v .........bk...D.j..0J.....-..WC_...[....|1z.A...../.......|....<(..V?.T<...R).r...C...Y"i8 .J(.h..$......J(....%m..`...Q....(.......W&.......#.G...8.

    C:\Users\Public\Documents\LEADER\Templates\Custom Report Template.dotx (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Word 2007+
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:B25F5002B27FB4BF31C51210AD8226EA
    SHA1:ADE15204A0258D0574A6BCDAB9D733DAFC9089F4
    SHA-256:4498D7CB6C14BDAA8EE61671EBD9B8F25884DC615823FBBE37CDF86A4186CF5A
    SHA-512:3CBE5D902DA76F9FC3F73A95683FBEAAACEEC133E34A68CE96728B3A1CA7A20013D915AF9478718D3B03253EE2DACA55BF0B5C704A4E09024CD8BB6E0262379E
    Malicious:false
    Reputation:unknown
    Preview:PK..........!..4<.....&(......[Content_Types].xml ...(....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................Z..0..W.?D.V.Lh....E....T..$7.6~.63...!&.Ma..\......s..:...>.&..ck%g.U6N...*k...?._G7ib..%o..Y....._...w.l......G.l...m.4H?R)#.._.i^..k`.x|..%.H7r-F:.~..o..|y.?wJ~kX..nb.5Kk.........}R.n.;?..d.D.(..|.~......N0.#..B.wo..KH..o\.Y.^......_.=.sD.......E.F.`._'.d....@&x-....(..).K4..5.....XN...q5....Bn...W..f.."..5`_^A.;L.......yP.=.~..x.>(.R.I.0V......D.p@..P(." H8 .-a..P.I90.J../.\~S....>kw..w.g..d..M..Q.O..G....-q...

    C:\Users\Public\Documents\LEADER\Templates\CustomReportFields.docx (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Word 2007+
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:34C68017593DEE31D11F8C95CD4E3970
    SHA1:CC5A4D1845281F0CC2D783217D597501C9908A6F
    SHA-256:4DB83D34D9140B560AB2DFEF9CFCAC1D1C2020FADA0F05D0995EDE67EA271E9D
    SHA-512:711D787CAE97AD6A1E4D720CAFF4505EB62D2A8B31F80BFDB2C9F1FBCD94C6A97866FB1E7862AFCE655D90C998CCB8351A360F0ADE350165AD88983EEFB711BE
    Malicious:false
    Reputation:unknown
    Preview:PK..........!.2.oWf...........[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j.0.E......J.(....e.h...4ND.B.....81.$14.. ..{..1...l...w%..=...^i7+...-.d.&.0.A.6.l4...L6.0#...S.O.....X...*..V$:...B~....^.K......../P..I..~7$....i..J&B0Z.Du.t.OJ.K(H.....xG...L.+..v......dc.....W>*..\XR..m.p....Z}.....HwnM.V..n....-..")/..ZwB`.....4........s.DX...j...;A*.....c......4....[.S..9.> ......{.V.4p....W.&....A......|.d.?.......PK..........!.........N......._rels/.rels ...(...........................

    C:\Users\Public\Documents\LEADER\Templates\Full Report Template.dotx (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Word 2007+
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:89726F81863EF4033F66FD21F1ED135A
    SHA1:2E09D83590F964C2A1C731FD6BE83C164185BBCB
    SHA-256:37AB1CD629583BDE1D7C7E0DA3B62241E836B287620945AC4C471D8EF5978AD4
    SHA-512:A1D5170B4A2A64A9E60B56E681ECEB2ED9BCFA1F64EC9B3D8353709B26C26B4F3C1CEE3F71ACC6F1BBA215C92F1FE13A2E0047F7CAD582B186B3014C88484567
    Malicious:false
    Reputation:unknown
    Preview:PK..........!..4<.....&(......[Content_Types].xml ...(....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................Z..0..W.?D.V.Lh....E....T..$7.6~.63...!&.Ma..\......s..:...>.&..ck%g.U6N...*k...?._G7ib..%o..Y....._...w.l......G.l...m.4H?R)#.._.i^..k`.x|..%.H7r-F:.~..o..|y.?wJ~kX..nb.5Kk.........}R.n.;?..d.D.(..|.~......N0.#..B.wo..KH..o\.Y.^......_.=.sD.......E.F.`._'.d....@&x-....(..).K4..5.....XN...q5....Bn...W..f.."..5`_^A.;L.......yP.=.~..x.>(.R.I.0V......D.p@..P(." H8 .-a..P.I90.J../.\~S....>kw..w.g..d..M..Q.O..G....-q...

    C:\Users\Public\Documents\LEADER\Templates\LEADER Blank Template.dotx (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Word 2007+
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D26C7941A44D3ACDB9F034E8316E71C5
    SHA1:EC77340765DE94B09E3B5A0F2A5A957996FB6737
    SHA-256:EBCF0C9E89DC87D91B39C11A2575445CD2672C136621CA921ACF65047420A2ED
    SHA-512:B4DD9AEC5BE42B23CEDBF8685685A00A5576FBC5850ED4FCDF5A1317AA9A1189EA7A725E4930E5F3536F5154A4C61EDE7678A2E737B8548739EB1E59F8A0EF23
    Malicious:false
    Reputation:unknown
    Preview:PK..........!.C...............[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................Oo.@.......F.......6...J?.xw...?..I....j*.../H....=..zz..l.)..kqYMD.^.m...?..GQd......Xc.....u.\...Z,..').Z..\...O....M..A=....d.A...=..y...3...T|y.{..xQ..s]T- Fk....G.+...t.D..z..m e!.........hspX......U.m.....41_......x.V.........}..S...uP+.......F.^......w."t..`.....Q.......W>.f...\.A.y!.L.+.`b........xN..$.}...c.l......>.... m........ .z=...y.a..1].=Ao|..F.....<h,.A.... ....|.?..9...)..7j....S.\8b

    C:\Users\Public\Documents\LEADER\Templates\LEADER Macros.dot (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: LEADER Report Template, Subject: Standard Microsoft Word document template for reports generated by HazardReview LEADER. This file must be present in the root Leader4 directory. Contains the special paragraph/character styles, macros, and toolbars used in HazardReview LEADER reports., Author: Tom R. Williams, Template: Leader w-Comments macro2.dot, Last Saved By: Tom R. Williams, Revision Number: 3, Name of Creating Application: Microsoft Office Word, Total Editing Time: 02:00, Last Printed: Mon Nov 3 22:45:00 2003, Create Time/Date: Fri Dec 21 22:47:00 2018, Last Saved Time/Date: Fri Dec 21 22:47:00 2018, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:DACCDE82CAC90E274A5610F36A2D631C
    SHA1:46E4AEFCE99BB128041513975584EFFB5ED53BEB
    SHA-256:D0123181FBA072C759E5FAA209EA42E1CE5F8E2F52DE3B2137BF42EE61698025
    SHA-512:00FCA53F8F7579949BDD18542712AC96DD87E814B585A13DD4B92D7EB2BA1C3159985AA0DF8761120BD5B08C064F72CBAA022E1E16B9E27486C604F9CE271278
    Malicious:false
    Reputation:unknown
    Preview:......................>.......................|...........~...............{...........A.......|..................................................................................................................................................................................................................................................................................................................................................................................................................................]...+...................4.....bjbj.(.(.......................b...B.e.B.e........2.................................................................................................................................................................8............................x......E.......E.......[.......[.......[................................%..;S..Kx......Kx......Kx......Kx......Kx......Kx..$...tz......*}......ox......................................................u.......u...".

    C:\Users\Public\Documents\LEADER\Templates\LOPA Template.xltm (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Excel 2007+
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:9F695BE6FCB530785CFA5EF48CE0F4B4
    SHA1:6436B4F37393E747B4BB73C81CE17831A28A0B1C
    SHA-256:B0158AB28DEF85E489A91D4E0A319D6DF46F0D255C269C9C1057D30C4EB692C5
    SHA-512:2222E99960580AFDD828C8F30124AF5D426CEA9D78D6354BCF2510E8A84C3CFA6E706E2211B8A4710BA31E373025C1A50F0BE164F0BE954C45C608F12051D75E
    Malicious:false
    Reputation:unknown
    Preview:PK..........!.E...}...*.......[Content_Types].xml ...(....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................XMs.0..w....k..I.$..9...f.:....`}.$...]..i..1&S_.@.{oW.v...ZdA..r%G.Y<...L%\.F...*...2...0.7`....w..F...Z.Q.:...bY...Xi..3WFP.o.h.t..|0. LI..E.c......*s...?.....I.=O5....g.P....I..s. Ql%.:...Ml..D.k...s..I-...R...b.....d...z...m.\...-...k..C......n.|.]s.....G..........;j.w*...:#..,gJ-..*=.....d....u..eF.J:...).OQ.CVd.%.......w.fyg...:.{..cOt|..=.q....=.q..._....s.&..,y^b....x.k....U...2.};y.A.6.}........

    C:\Users\Public\Documents\LEADER\Templates\Outline.potx (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft PowerPoint 2007+
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:20ABCEE19A2AFC4D96A266E5A40854D4
    SHA1:073F0F66D0E0C4D2E0B1D71DCD0CEE9EBAAA05BB
    SHA-256:69BB3A20EF6E53D90EE5BC44115A5AA33AD0C63C845BAC75B3A3646332240505
    SHA-512:9CE98E50041151A7399FCE345AB2D2130F86EAE2DF75FD6F5A9BF4662069CC30D76F8BABADC7F146519CE6604ABF48877B884A17B215F0825CCCF5DE3274F39B
    Malicious:false
    Reputation:unknown
    Preview:PK..........!.Mz.S............[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................n.0........1t...=t9uAj..n2.[o...o.I..UP.P.H....7...s>.*.......&K..f.......K..S.e.dl...www:.S.!!....".3.C>.-Bj.......i....U...7.m.[.`.....v../F....M.$/..,....Z...4..|....4.9%s...cS| k.RRV9a(]..5.....3.=.N/.Hz....C.<..U...N+Pm./s(l>.$I..J.... .B.y..@...[...}y..6..&.R...m3,.7..%.....x........KQ.l.(..<.T..^...~..S;..~.....k.2.G.t.!.a.LG.2.#d:...$B....Z.....ON.......3.......<...EE..u.P.<.(V.............PK.....

    C:\Users\Public\Documents\LEADER\Templates\Recommendations.potx (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft PowerPoint 2007+
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:C55CC8EFE1C6D3C885D2020104E257D5
    SHA1:898578D45A6759F019D93BD692DF080FC24C849F
    SHA-256:D00C02B1F07C81C5914FE71780E9B6DA5F021BE740572870B8E79CC98C8F604B
    SHA-512:F931263F41E38DAEC99643AF5C82C696573025F995B01139B11E2EC9F606B34288E71B26D9481F3B84DE5ADDD77C853E6B63031A01AB5B802C4CE9145D752B89
    Malicious:false
    Reputation:unknown
    Preview:PK..........!.Mz.S............[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................n.0........1t...=t9uAj..n2.[o...o.I..UP.P.H....7...s>.*.......&K..f.......K..S.e.dl...www:.S.!!....".3.C>.-Bj.......i....U...7.m.[.`.....v../F....M.$/..,....Z...4..|....4.9%s...cS| k.RRV9a(]..5.....3.=.N/.Hz....C.<..U...N+Pm./s(l>.$I..J.... .B.y..@...[...}y..6..&.R...m3,.7..%.....x........KQ.l.(..<.T..^...~..S;..~.....k.2.G.t.!.a.LG.2.#d:...$B....Z.....ON.......3.......<...EE..u.P.<.(V.............PK.....

    C:\Users\Public\Documents\LEADER\Templates\Spanish Template.ldt (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:5A1F86C6D8A22453BC4572D9BC3379F6
    SHA1:73A0DD6A09B0B24E15B692BB3D71408E2254C293
    SHA-256:6FACF1B87BE99F6A37E9C805DC64496D238A9A6D5ABAF2E1F119D172FEE54BBC
    SHA-512:B70EE47BE6FD705C754AA1D2D68CADC3D9EC0D25E2A220F6D2B990A0C137BB45C065A89DA4C3880DEFF5B8684E05F072B6C581D2BA17EFC7138D51B472220678
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...NEQ.7.....(....`.>{66...^.C...3..y[Q.|*..|........P.f.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\Templates\Task Analysis Template.ldt (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:F580C9663B3D5E2684B1655DF667CFFB
    SHA1:003560D555532A98B1212E919F3EB3F2468F1B58
    SHA-256:2E5C0BDB088793E7AA1606D96CB227D847BA55C9A6F6240AF77DDA361DDC3F28
    SHA-512:B3457DB783B3CBC58796663E3E947B5320CDA5184FB08B24359BCDF95B046D7D8B5CF21C7624A899E62EA18736B5FF2C55F2630A3435169E2AFEF6AA132F48A6
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...NEQ.7.....(....`.>{66...^.C...3..y[Q.|*..|.......M..f.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\Templates\~GLH0077.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Word 2007+
    Category:dropped
    Size (bytes):121162
    Entropy (8bit):7.8285113967862605
    Encrypted:false
    SSDEEP:
    MD5:0EBBF0580CB5287295AB679CE4975267
    SHA1:B9654508ADBBD98DD7EE6F71A15C8B4140F535AC
    SHA-256:B6B9C012C59478063B6FEFC1B9B95BC3456872D205D80AE838F365D0E26F8FED
    SHA-512:1CFF32912315FEDC25A68E0BA9038A5C246C7082A746417532593D071D6EACC38B39A13676992C16757EE823A6041D86DE2091CBD08F2C5D8C66C0B18564D3C8
    Malicious:false
    Reputation:unknown
    Preview:PK..........!.........()......[Content_Types].xml ...(....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ZM..0..W...r..l.n....~.[.R.W.L m.!......1.j..\v4..X{.{3......h.;0.Vr.^.'i..Pe-......&M...0Kw`....W..N.M|...t...-6 ..+..T....G.f.....X6.\.BI..\........%_...;%.5...S7...h....h...>..Z7u...gw.|.l.T.}.~......N0.#..B.w_NS..,.q...2%+U..>r.<..........M.U..~.D3v .........bk...D.j..0J.....-..WC_...[....|1z.A...../.......|....<(..V?.T<...R).r...C...Y"i8 .J(.h..$......J(....%m..`...Q....(.......W&.......#.G...8.

    C:\Users\Public\Documents\LEADER\Templates\~GLH0078.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Word 2007+
    Category:dropped
    Size (bytes):120162
    Entropy (8bit):7.823800367861878
    Encrypted:false
    SSDEEP:
    MD5:B25F5002B27FB4BF31C51210AD8226EA
    SHA1:ADE15204A0258D0574A6BCDAB9D733DAFC9089F4
    SHA-256:4498D7CB6C14BDAA8EE61671EBD9B8F25884DC615823FBBE37CDF86A4186CF5A
    SHA-512:3CBE5D902DA76F9FC3F73A95683FBEAAACEEC133E34A68CE96728B3A1CA7A20013D915AF9478718D3B03253EE2DACA55BF0B5C704A4E09024CD8BB6E0262379E
    Malicious:false
    Reputation:unknown
    Preview:PK..........!..4<.....&(......[Content_Types].xml ...(....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................Z..0..W.?D.V.Lh....E....T..$7.6~.63...!&.Ma..\......s..:...>.&..ck%g.U6N...*k...?._G7ib..%o..Y....._...w.l......G.l...m.4H?R)#.._.i^..k`.x|..%.H7r-F:.~..o..|y.?wJ~kX..nb.5Kk.........}R.n.;?..d.D.(..|.~......N0.#..B.wo..KH..o\.Y.^......_.=.sD.......E.F.`._'.d....@&x-....(..).K4..5.....XN...q5....Bn...W..f.."..5`_^A.;L.......yP.=.~..x.>(.R.I.0V......D.p@..P(." H8 .-a..P.I90.J../.\~S....>kw..w.g..d..M..Q.O..G....-q...

    C:\Users\Public\Documents\LEADER\Templates\~GLH0079.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Word 2007+
    Category:dropped
    Size (bytes):120254
    Entropy (8bit):7.823880660416815
    Encrypted:false
    SSDEEP:
    MD5:89726F81863EF4033F66FD21F1ED135A
    SHA1:2E09D83590F964C2A1C731FD6BE83C164185BBCB
    SHA-256:37AB1CD629583BDE1D7C7E0DA3B62241E836B287620945AC4C471D8EF5978AD4
    SHA-512:A1D5170B4A2A64A9E60B56E681ECEB2ED9BCFA1F64EC9B3D8353709B26C26B4F3C1CEE3F71ACC6F1BBA215C92F1FE13A2E0047F7CAD582B186B3014C88484567
    Malicious:false
    Reputation:unknown
    Preview:PK..........!..4<.....&(......[Content_Types].xml ...(....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................Z..0..W.?D.V.Lh....E....T..$7.6~.63...!&.Ma..\......s..:...>.&..ck%g.U6N...*k...?._G7ib..%o..Y....._...w.l......G.l...m.4H?R)#.._.i^..k`.x|..%.H7r-F:.~..o..|y.?wJ~kX..nb.5Kk.........}R.n.;?..d.D.(..|.~......N0.#..B.wo..KH..o\.Y.^......_.=.sD.......E.F.`._'.d....@&x-....(..).K4..5.....XN...q5....Bn...W..f.."..5`_^A.;L.......yP.=.~..x.>(.R.I.0V......D.p@..P(." H8 .-a..P.I90.J../.\~S....>kw..w.g..d..M..Q.O..G....-q...

    C:\Users\Public\Documents\LEADER\Templates\~GLH007a.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Word 2007+
    Category:dropped
    Size (bytes):38770
    Entropy (8bit):7.682077676291142
    Encrypted:false
    SSDEEP:
    MD5:D26C7941A44D3ACDB9F034E8316E71C5
    SHA1:EC77340765DE94B09E3B5A0F2A5A957996FB6737
    SHA-256:EBCF0C9E89DC87D91B39C11A2575445CD2672C136621CA921ACF65047420A2ED
    SHA-512:B4DD9AEC5BE42B23CEDBF8685685A00A5576FBC5850ED4FCDF5A1317AA9A1189EA7A725E4930E5F3536F5154A4C61EDE7678A2E737B8548739EB1E59F8A0EF23
    Malicious:false
    Reputation:unknown
    Preview:PK..........!.C...............[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................Oo.@.......F.......6...J?.xw...?..I....j*.../H....=..zz..l.)..kqYMD.^.m...?..GQd......Xc.....u.\...Z,..').Z..\...O....M..A=....d.A...=..y...3...T|y.{..xQ..s]T- Fk....G.+...t.D..z..m e!.........hspX......U.m.....41_......x.V.........}..S...uP+.......F.^......w."t..`.....Q.......W>.f...\.A.y!.L.+.`b........xN..$.}...c.l......>.... m........ .z=...y.a..1].=Ao|..F.....<h,.A.... ....|.?..9...)..7j....S.\8b

    C:\Users\Public\Documents\LEADER\Templates\~GLH007b.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: LEADER Report Template, Subject: Standard Microsoft Word document template for reports generated by HazardReview LEADER. This file must be present in the root Leader4 directory. Contains the special paragraph/character styles, macros, and toolbars used in HazardReview LEADER reports., Author: Tom R. Williams, Template: Leader w-Comments macro2.dot, Last Saved By: Tom R. Williams, Revision Number: 3, Name of Creating Application: Microsoft Office Word, Total Editing Time: 02:00, Last Printed: Mon Nov 3 22:45:00 2003, Create Time/Date: Fri Dec 21 22:47:00 2018, Last Saved Time/Date: Fri Dec 21 22:47:00 2018, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0
    Category:dropped
    Size (bytes):337408
    Entropy (8bit):5.428784819628228
    Encrypted:false
    SSDEEP:
    MD5:DACCDE82CAC90E274A5610F36A2D631C
    SHA1:46E4AEFCE99BB128041513975584EFFB5ED53BEB
    SHA-256:D0123181FBA072C759E5FAA209EA42E1CE5F8E2F52DE3B2137BF42EE61698025
    SHA-512:00FCA53F8F7579949BDD18542712AC96DD87E814B585A13DD4B92D7EB2BA1C3159985AA0DF8761120BD5B08C064F72CBAA022E1E16B9E27486C604F9CE271278
    Malicious:false
    Reputation:unknown
    Preview:......................>.......................|...........~...............{...........A.......|..................................................................................................................................................................................................................................................................................................................................................................................................................................]...+...................4.....bjbj.(.(.......................b...B.e.B.e........2.................................................................................................................................................................8............................x......E.......E.......[.......[.......[................................%..;S..Kx......Kx......Kx......Kx......Kx......Kx..$...tz......*}......ox......................................................u.......u...".

    C:\Users\Public\Documents\LEADER\Templates\~GLH007c.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Word 2007+
    Category:dropped
    Size (bytes):20048
    Entropy (8bit):7.555673580555201
    Encrypted:false
    SSDEEP:
    MD5:34C68017593DEE31D11F8C95CD4E3970
    SHA1:CC5A4D1845281F0CC2D783217D597501C9908A6F
    SHA-256:4DB83D34D9140B560AB2DFEF9CFCAC1D1C2020FADA0F05D0995EDE67EA271E9D
    SHA-512:711D787CAE97AD6A1E4D720CAFF4505EB62D2A8B31F80BFDB2C9F1FBCD94C6A97866FB1E7862AFCE655D90C998CCB8351A360F0ADE350165AD88983EEFB711BE
    Malicious:false
    Reputation:unknown
    Preview:PK..........!.2.oWf...........[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j.0.E......J.(....e.h...4ND.B.....81.$14.. ..{..1...l...w%..=...^i7+...-.d.&.0.A.6.l4...L6.0#...S.O.....X...*..V$:...B~....^.K......../P..I..~7$....i..J&B0Z.Du.t.OJ.K(H.....xG...L.+..v......dc.....W>*..\XR..m.p....Z}.....HwnM.V..n....-..")/..ZwB`.....4........s.DX...j...;A*.....c......4....[.S..9.> ......{.V.4p....W.&....A......|.d.?.......PK..........!.........N......._rels/.rels ...(...........................

    C:\Users\Public\Documents\LEADER\Templates\~GLH007d.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft PowerPoint 2007+
    Category:dropped
    Size (bytes):300649
    Entropy (8bit):7.9054712347869325
    Encrypted:false
    SSDEEP:
    MD5:20ABCEE19A2AFC4D96A266E5A40854D4
    SHA1:073F0F66D0E0C4D2E0B1D71DCD0CEE9EBAAA05BB
    SHA-256:69BB3A20EF6E53D90EE5BC44115A5AA33AD0C63C845BAC75B3A3646332240505
    SHA-512:9CE98E50041151A7399FCE345AB2D2130F86EAE2DF75FD6F5A9BF4662069CC30D76F8BABADC7F146519CE6604ABF48877B884A17B215F0825CCCF5DE3274F39B
    Malicious:false
    Reputation:unknown
    Preview:PK..........!.Mz.S............[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................n.0........1t...=t9uAj..n2.[o...o.I..UP.P.H....7...s>.*.......&K..f.......K..S.e.dl...www:.S.!!....".3.C>.-Bj.......i....U...7.m.[.`.....v../F....M.$/..,....Z...4..|....4.9%s...cS| k.RRV9a(]..5.....3.=.N/.Hz....C.<..U...N+Pm./s(l>.$I..J.... .B.y..@...[...}y..6..&.R...m3,.7..%.....x........KQ.l.(..<.T..^...~..S;..~.....k.2.G.t.!.a.LG.2.#d:...$B....Z.....ON.......3.......<...EE..u.P.<.(V.............PK.....

    C:\Users\Public\Documents\LEADER\Templates\~GLH007e.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft PowerPoint 2007+
    Category:dropped
    Size (bytes):308260
    Entropy (8bit):7.906981559338942
    Encrypted:false
    SSDEEP:
    MD5:C55CC8EFE1C6D3C885D2020104E257D5
    SHA1:898578D45A6759F019D93BD692DF080FC24C849F
    SHA-256:D00C02B1F07C81C5914FE71780E9B6DA5F021BE740572870B8E79CC98C8F604B
    SHA-512:F931263F41E38DAEC99643AF5C82C696573025F995B01139B11E2EC9F606B34288E71B26D9481F3B84DE5ADDD77C853E6B63031A01AB5B802C4CE9145D752B89
    Malicious:false
    Reputation:unknown
    Preview:PK..........!.Mz.S............[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................n.0........1t...=t9uAj..n2.[o...o.I..UP.P.H....7...s>.*.......&K..f.......K..S.e.dl...www:.S.!!....".3.C>.-Bj.......i....U...7.m.[.`.....v../F....M.$/..,....Z...4..|....4.9%s...cS| k.RRV9a(]..5.....3.=.N/.Hz....C.<..U...N+Pm./s(l>.$I..J.... .B.y..@...[...}y..6..&.R...m3,.7..%.....x........KQ.l.(..<.T..^...~..S;..~.....k.2.G.t.!.a.LG.2.#d:...$B....Z.....ON.......3.......<...EE..u.P.<.(V.............PK.....

    C:\Users\Public\Documents\LEADER\Templates\~GLH007f.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Excel 2007+
    Category:dropped
    Size (bytes):447828
    Entropy (8bit):7.851740144653362
    Encrypted:false
    SSDEEP:
    MD5:9F695BE6FCB530785CFA5EF48CE0F4B4
    SHA1:6436B4F37393E747B4BB73C81CE17831A28A0B1C
    SHA-256:B0158AB28DEF85E489A91D4E0A319D6DF46F0D255C269C9C1057D30C4EB692C5
    SHA-512:2222E99960580AFDD828C8F30124AF5D426CEA9D78D6354BCF2510E8A84C3CFA6E706E2211B8A4710BA31E373025C1A50F0BE164F0BE954C45C608F12051D75E
    Malicious:false
    Reputation:unknown
    Preview:PK..........!.E...}...*.......[Content_Types].xml ...(....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................XMs.0..w....k..I.$..9...f.:....`}.$...]..i..1&S_.@.{oW.v...ZdA..r%G.Y<...L%\.F...*...2...0.7`....w..F...Z.Q.:...bY...Xi..3WFP.o.h.t..|0. LI..E.c......*s...?.....I.=O5....g.P....I..s. Ql%.:...Ml..D.k...s..I-...R...b.....d...z...m.\...-...k..C......n.|.]s.....G..........;j.w*...:#..,gJ-..*=.....d....u..eF.J:...).OQ.CVd.%.......w.fyg...:.{..cOt|..=.q....=.q..._....s.&..,y^b....x.k....U...2.};y.A.6.}........

    C:\Users\Public\Documents\LEADER\Templates\~GLH00ab.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):1310720
    Entropy (8bit):2.664171156651563
    Encrypted:false
    SSDEEP:
    MD5:5A1F86C6D8A22453BC4572D9BC3379F6
    SHA1:73A0DD6A09B0B24E15B692BB3D71408E2254C293
    SHA-256:6FACF1B87BE99F6A37E9C805DC64496D238A9A6D5ABAF2E1F119D172FEE54BBC
    SHA-512:B70EE47BE6FD705C754AA1D2D68CADC3D9EC0D25E2A220F6D2B990A0C137BB45C065A89DA4C3880DEFF5B8684E05F072B6C581D2BA17EFC7138D51B472220678
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...NEQ.7.....(....`.>{66...^.C...3..y[Q.|*..|........P.f.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\Templates\~GLH00ac.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):1060864
    Entropy (8bit):1.7307109447678375
    Encrypted:false
    SSDEEP:
    MD5:F580C9663B3D5E2684B1655DF667CFFB
    SHA1:003560D555532A98B1212E919F3EB3F2468F1B58
    SHA-256:2E5C0BDB088793E7AA1606D96CB227D847BA55C9A6F6240AF77DDA361DDC3F28
    SHA-512:B3457DB783B3CBC58796663E3E947B5320CDA5184FB08B24359BCDF95B046D7D8B5CF21C7624A899E62EA18736B5FF2C55F2630A3435169E2AFEF6AA132F48A6
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...NEQ.7.....(....`.>{66...^.C...3..y[Q.|*..|.......M..f.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\WorksheetReportWorkshop.ldr (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:DC0B1BC1781050F699E1EC030B678698
    SHA1:4F4FFFC4DCAB05D95DD5AA60630E360709CB682A
    SHA-256:E4EC457AA37DB49DB25C07E43BAEC11E474D1640913E0444A10CDC4389C9D586
    SHA-512:27A88846CC006A434FFCEB6E6B6B1F6BD05CE2F55F53AA9A98EBD3AD7C36C921672871BDF5C3FC199DADFE4213BB53E49C4AAEA7C38B9DBDDF3BF312FA9D0E1B
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...NEQ.7.....(....`.>{66...^.C...3..y[Q.|*..|.....!..u.f.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\~GLH00ad.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):1503232
    Entropy (8bit):2.4269603288058303
    Encrypted:false
    SSDEEP:
    MD5:799BB628E22CEE85174FC47D15F57005
    SHA1:03AE747826750F213273A6C08C8C8E6A30823296
    SHA-256:5384872CF6D32DD8A797DFF44D85189828FCF8CDC21EFB1647AD37FBF7CD2A09
    SHA-512:E9EB3462664C6CBE473E4019027C3F166992329F9A54F1D175F7DB399D0353F0FB358C4C969737061610B6ABC3D6A1EB3815E75BE4E574C0D5DF32372C6A88F4
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...N|Q.7...<.(....`.>{6....^.C5..3..y[h.|*..|......N`1;a.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\~GLH00ae.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):1937408
    Entropy (8bit):2.7184149266523816
    Encrypted:false
    SSDEEP:
    MD5:5DCFB8205B6C6D5B9C263B2491B930F6
    SHA1:2E1A7EE3772053322EEE8C82DE7F665400512B63
    SHA-256:758F7D2F99709A893D74815948B993D84FA011958CD5D5BCB2AFA9CDC0D61366
    SHA-512:5236B8ACD087D7FDA318FEFBEA9877452E3C95418E8415170A987373DE1079568EF184A79F68D2929C9DD11A950C3D9A70B8340582CE18CD5EEFEB6974CD0DA8
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...N.K.7$.....(.j..`-${6....D.C...3M.y[..|*..|........[Y1.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\~GLH00af.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):1155072
    Entropy (8bit):2.1843512540211893
    Encrypted:false
    SSDEEP:
    MD5:55712D1DDAC71549B35D791BD09DAD16
    SHA1:5E4D39E5158850BEBA11CD9E70CD7154D5276534
    SHA-256:C26B4124A48383703534FD71830FBC8758E69D81D0DB6B0FCD198753F6506A48
    SHA-512:6339C20808FC582E651D9FDFCF6B76D99072E67F994690AB6E0FD9E44F207BC44319403C76370E4B7E77977CED20470453F7D1321216E86FDB5F5D80070A19CE
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...NHQ.7.....(....`.>{6;...^.C...3..y[\.|*..|.......U{.g.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\~GLH00b0.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):1060864
    Entropy (8bit):1.8523916987333753
    Encrypted:false
    SSDEEP:
    MD5:8463FF69A1016AE771514B174985374A
    SHA1:EB8AA33C0C258B1D30338D10E80EBDABF8F46EB8
    SHA-256:86B606CBEBF32906730731B893DB4AF92D90F20102951284098F6A5F9F9CAC83
    SHA-512:FC66EE813795531EAB67847A65A12F2B59FF4B171B6DD3AB9DFA45E74B3A6C394267CFBF9C49F91EC3AFDB0CB9787B2FF006EA79AD660919457FD959B6ED51D5
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...NEQ.7.....(....`.>{66...^.C...3..y[Q.|*..|.......vB.f.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\~GLH00b1.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):1155072
    Entropy (8bit):1.9943472430316505
    Encrypted:false
    SSDEEP:
    MD5:CB850B9B667717418E50F107D069C1DC
    SHA1:4EC5660563ACA3E86CAC7B87CB4E2B2DF074E079
    SHA-256:335309271DB59C8BA8A59670A3C89B69D800E2F7BCCC8E1E03743F628F03AAC3
    SHA-512:A37E67474FA69E72E5B307AB0F05F4E5FA9740E218A6FD243591F4DA41F5D5B71152B1CD86BE750A933F7AA0C48A72054B98721C9E141FDA19AFB45CE102E7D9
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...NEQ.7.....(....`.>{66...^.C...3..y[Q.|*..|........G.f.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\~GLH00b2.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):1130496
    Entropy (8bit):1.6576816979571791
    Encrypted:false
    SSDEEP:
    MD5:3DEB7E047F3EBFE584EC43FADBB378E9
    SHA1:6A2E380C77A2AB5178C49DE8017DC830FC11DFC3
    SHA-256:B5DA024B0764A5795657F17A695CBA7F4AE0F23CC597310B53A848069B91E342
    SHA-512:D38112450C5D065C25CA65A5838E40D7F2F15936E780632B24CF45E3D83C84D180DE91EFB69854394F4275CEE1534F1EF3CC11A2804255BCF65A3E8BE7619C9B
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...NEQ.7.....(....`.>{66...^.C...3..y[Q.|*..|.......?O.f.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\~GLH00b3.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):1343488
    Entropy (8bit):2.260250823471266
    Encrypted:false
    SSDEEP:
    MD5:BA8036E31F4752BB8762AA26A5C2FBB8
    SHA1:0ABB03488DDE0D1DC1634BE95D57E658C964BC0D
    SHA-256:D7C1D8E6C84E14AE17AEC3928B983921D48E84E4DDA043D3B337537277FBDAA2
    SHA-512:FC92964577626669FC100DD73FE3710836A1EBEF1FC9EC6668D2D7AFC6FF5C487AFDAF179DE9B55E4BEB7A5297E2BD56CECEDB7566923CEDA076EB5DF57CC795
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...NIQ.7.....(....`.>{6:...^.C...3..y[].|*..|.....^1..g.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\~GLH00b4.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):1171456
    Entropy (8bit):2.185777797859427
    Encrypted:false
    SSDEEP:
    MD5:7E58C01717886AB758F865B165017A8C
    SHA1:72D3044647FE2FB15F4511DA89249963413E073B
    SHA-256:178D16271FC299224EA72475A796B4A79BA7084D2384135E354C4AB2EC64CB88
    SHA-512:CE906F2F0883078F8BA8BB803BB3FFB5AC3F7991793782767C437EB1FA3FECA75E54FD70C9C33C68FB6D791C74D7E2A6141A36B7531C1770A171CACC3BA15204
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...NEQ.7.....(....`.>{66...^.C...3..y[Q.|*..|....... t.f.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\~GLH00b5.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):1126400
    Entropy (8bit):2.1491061135115928
    Encrypted:false
    SSDEEP:
    MD5:DC0B1BC1781050F699E1EC030B678698
    SHA1:4F4FFFC4DCAB05D95DD5AA60630E360709CB682A
    SHA-256:E4EC457AA37DB49DB25C07E43BAEC11E474D1640913E0444A10CDC4389C9D586
    SHA-512:27A88846CC006A434FFCEB6E6B6B1F6BD05CE2F55F53AA9A98EBD3AD7C36C921672871BDF5C3FC199DADFE4213BB53E49C4AAEA7C38B9DBDDF3BF312FA9D0E1B
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...NEQ.7.....(....`.>{66...^.C...3..y[Q.|*..|.....!..u.f.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\~GLH00b6.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):1953792
    Entropy (8bit):2.793505378538937
    Encrypted:false
    SSDEEP:
    MD5:81EDDFCE0990F84935A75968FE3386A0
    SHA1:472A8EA6F1EFC20E9510D2EFB1AB7F7E4AD33E1F
    SHA-256:7280CC50F21B660AF217A4B963880368F9F7FFA6F93331FAE25D6664DFF61D44
    SHA-512:C37A984108022C6C7C5108DB59656E2353A078B985DF62DF7BF9F63BDFDC589F2BEFC1C2122A0299FC09B4FFA18A019BBB578E19B6D0BEC7F48A2E80048153AC
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...N.K.7$.....(.j..`-${6....D.C...3M.y[..|*..|........[Y1.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\~GLH00b7.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):1953792
    Entropy (8bit):2.8289060151867718
    Encrypted:false
    SSDEEP:
    MD5:D70D1831A1D0E14607D5E4BA2014D080
    SHA1:74B48C9A311F325265A2ED6232B566C21E0373FE
    SHA-256:30E15623FF6F92A9960E1840AE596CC1BB0D7AA68EF97328A6A86C1588D0C2FE
    SHA-512:09FDC07D44E6254907FF51D614FDAE4B7E2C3B4246050703AA0EC9B2BDC3AA5FF94583270E93527A19182AA0EE7C6D883353E429F88DC324CA093E5B627A8A9F
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...N.K.7$.....(.j..`-${6....D.C...3M.y[..|*..|........[Y1.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\~GLH00b8.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):1949696
    Entropy (8bit):2.6770254467371317
    Encrypted:false
    SSDEEP:
    MD5:889547940EAA161F59BF0D9B8203816E
    SHA1:0698E6BD77BA47F4CE2ED0C0FB2831BA75BD34EF
    SHA-256:E1908BF9030DF1D24C0403E791C47620172065F0E78662BE1B5F40080EB511D3
    SHA-512:F636907C23432DA80A186EE6DD076B04D1F92DCE53C75A95FA9D2D16B75D97CD31D9CC80D7A770D16AB502E1277220E2673B8DBC0AC10D35C575C0A8603651F9
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...N.K.7$.....(.j..`-${6....D.C...3M.y[..|*..|........[Y1.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\~GLH00b9.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):1941504
    Entropy (8bit):2.7175688657467765
    Encrypted:false
    SSDEEP:
    MD5:666448A1EA8E722EB145080644D3C6AB
    SHA1:7F50072F0CB4F039ECFE7667B66D496A9F1D3968
    SHA-256:C6B4E9AD0100718B6DD398FC5C4D1B5BFE265B682D1FD2F7188BDBD0384D32B1
    SHA-512:CD691F104D1FAFAADC4AEDF27D37ACF9735460B8526CC73D07BFF3C7B30A6CC33A83FA6C388D8701EB9C86E9176DE774344A45771C43D24AA0F37115E4F4297E
    Malicious:false
    Reputation:unknown
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...N.K.7$.....(.j..`-${6....D.C...3M.y[..|*..|........[Y1.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\Public\Documents\LEADER\~GLH00ba.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PDF document, version 1.3, 1 pages
    Category:dropped
    Size (bytes):541081
    Entropy (8bit):7.6920770281584385
    Encrypted:false
    SSDEEP:
    MD5:E120103B88C828891E2526DFBBC3BB7E
    SHA1:56A3053F77F2674C315876A45787A8378C3F8993
    SHA-256:AFA3A3A623E27DFE09D4E26F74AD541606CF4E4364F39C19312141A3D82D2B92
    SHA-512:D53E9BFA00BF5B0D431BB2175D6BAF794F4DCD2A72434705AD546CB61ADF19E2B9102BBB91B55795002C99D6C46BCD2EE7A41093F00CBAF4034864EA22E2E702
    Malicious:false
    Reputation:unknown
    Preview:%PDF-1.3.%.....1 0 obj.<<./CreationDate (D:20141007145224-04'00')./ModDate (D:20141007145224-04'00')./Creator (Xerox Color 550)./Producer (Xerox Color 550).>>.endobj.23 0 obj.<<./Type /XObject./Subtype /Image./Width 2550./Height 3300./BitsPerComponent 8./ColorSpace /DeviceRGB./Filter /DCTDecode./Length 539707.>>.stream.......JFIF.....,.,.....C................................... $.' ",#..(7),01444.'9=82<.342...C......................"....."*&".."&*-)&"&)-2-))-222-222222222222...C......................"....."*&".."&*-)&"&)-2-))-222-222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.........................................................................

    C:\Users\user\AppData\Local\Temp\GLCB916.tmp

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):147456
    Entropy (8bit):6.624821699887081
    Encrypted:false
    SSDEEP:
    MD5:ACFCAB119456B15BB70BACEB81BD7E5F
    SHA1:5DB05F57795D1718D78D168AA6DE07E252B8706E
    SHA-256:76C0A0AA1A6A2E050A24795D772BA598CF074A1BB4C8C62658B9E55DBF3A89BD
    SHA-512:F3203F665177D340A5494F5E59206B8F3A37BDEF5AC457B06A144B1DB9D8671764ED3536A1093799A8E5A37F4C0B829F75B9D5301F2018B534F9D72BE8DB1782
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............O.L.O.L.O.L.S.L.O.L6P.L.O.L]S.L.O.L6P.L.O.L.O.L.N.L.P.L.O.L!o.L.O.L.I.L.O.L!o.L.O.LRich.O.L........PE..L.....%9...........!................i...................................................................................5...t........0.. ....................P...%...................................................................................text............................... ..`.rdata...%.......&..................@..@.data....+..........................@....rsrc... ....0......................@..@.reloc...-...P......................@..B................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Temp\GLFC501.tmp (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:B9B41E50D612E00BF3A49A6405B89D74
    SHA1:88063EE643C64F18FEDDA1890C717122634AEDFD
    SHA-256:50E7A30E1825FAB93B94B698C2C6D2CC1787B094C6CEE53EEED5C497F77443C9
    SHA-512:B2486F526025095ADC6767B5C2F85F80446DB2B586E4DFF376D74D44494F16D78A361DC944F3A10D8AD494B871A190E8C3F0E92EB27114BE5D0B748E0DA9C1CA
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 1%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[.9...W,..W,..W,..W,..W,..V,1.W,}.D,..W,..],..W,..S,..W,Rich..W,........................PE..L...1d 8...........!......................... ...............................P.......................................*..z...P%...............................@..(.................................................... ...............................text............................... ..`.rdata..z.... ......................@..@.data...H....0....... ..............@....reloc.......@.......$..............@..B........................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Temp\GLGC4E0.tmp

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):25853
    Entropy (8bit):5.53048854921238
    Encrypted:false
    SSDEEP:
    MD5:292C454D4203AD29A809E6E31549B36A
    SHA1:D782AA0DFD76751C3BA4911E84A7E397FD8A34B3
    SHA-256:3DAA77138E86B7691AADB4326D8936E2604785ACF1DEEF63DE41942580DAF305
    SHA-512:368B5D89CF14311B3DBFA3DDC5B91226DE2EE45164193D41D00159A775114083A91EF5ED1AEAC936F96B962D05DFD605BD3A082A3887878E87EFC7374C2A22B6
    Malicious:false
    Reputation:unknown
    Preview:*** Installation Started 04/26/2024 17:46 ***..Title: LEADER Installation..Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe | 04-26-2024 | 17:46:22 | 17423501..Uninstall MIF: UN_LEADER.MIF..Manufacturer: ABS Group..Product: LEADER..Version Number: 2023..Serial Number: ..RegDB Key: SOFTWARE\Microsoft\Shared Tools..RegDB Val: C:\Program Files (x86)\Common Files\Microsoft Shared..RegDB Name: SharedFilesDir..RegDB Root: 2..RegDB Key: SOFTWARE\Microsoft\Shared Tools\DAO..RegDB Val: C:\Program Files (x86)\Common Files\Microsoft Shared\DAO..RegDB Name: Path..RegDB Root: 2..File Overwrite: C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll | 12-07-2019 | 11:10:04 | 3.60.9765.0 | 610304 | 56cd9a67..File Copy: C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\DAO2535.TLB | 11-05-2008 | 09:28:48 | | 73184 | 89526252..File Copy: C:\Windows\System32\Vb5db.dll | 11-05-2008 | 09:28:52 | 6.0.81.69 | 89360 | f8ab61a8..File Copy: C:\Windows\System32\Odbctl32.dll | 11-0

    C:\Users\user\AppData\Local\Temp\GLJB936.tmp

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):2560
    Entropy (8bit):2.496115780383093
    Encrypted:false
    SSDEEP:
    MD5:6F608D264503796BEBD7CD66B687BE92
    SHA1:BB82145E86516859DAE6D4B3BFFB08C727B13C65
    SHA-256:49833D2820AFB1D7409DFBD916480F2CDF5787D2E2D94166725BEB9064922D5D
    SHA-512:C14B7EC747357C232F9D958B44760E3A018DF628291E87DE52B8174CCC4ADA546EBA90A0E70172D1DB54FECA01B40CD3AEAA61B8A2B6F22D414BAAD1F62E8E54
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........XjS.9...9...9...9...9...%...9..Rich.9..........PE..L......4..................................... ....@..........................@....................................... ..5... ..(.................................................................................... .. ............................text...#........................... ..`.rdata..%.... ......................@..@.data...>....0......................@...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Temp\~GLH0000.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):9728
    Entropy (8bit):5.417810523175898
    Encrypted:false
    SSDEEP:
    MD5:B9B41E50D612E00BF3A49A6405B89D74
    SHA1:88063EE643C64F18FEDDA1890C717122634AEDFD
    SHA-256:50E7A30E1825FAB93B94B698C2C6D2CC1787B094C6CEE53EEED5C497F77443C9
    SHA-512:B2486F526025095ADC6767B5C2F85F80446DB2B586E4DFF376D74D44494F16D78A361DC944F3A10D8AD494B871A190E8C3F0E92EB27114BE5D0B748E0DA9C1CA
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[.9...W,..W,..W,..W,..W,..V,1.W,}.D,..W,..],..W,..S,..W,Rich..W,........................PE..L...1d 8...........!......................... ...............................P.......................................*..z...P%...............................@..(.................................................... ...............................text............................... ..`.rdata..z.... ......................@..@.data...H....0....... ..............@....reloc.......@.......$..............@..B........................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\VirtualStore\Windows\netdet.ini

    Download File
    Process:C:\Program Files (x86)\LEADER\LEADER.exe
    File Type:ASCII text, with very long lines (484), with CRLF line terminators
    Category:modified
    Size (bytes):520
    Entropy (8bit):1.8174015084108828
    Encrypted:false
    SSDEEP:
    MD5:3EF28EBF67676CF784E92A98BB0442EE
    SHA1:6AC22AB6DA6F3A39DAF088FF6DA84F0B7A4B59FE
    SHA-256:F91ECF8B945C886F039715D171E6167BA081EFC9BD27898F617AEC79E76F6FB1
    SHA-512:A3B6B8474BACB3909F4BE6687B0D0A619EA20819CCD50DD9E4F1A74C198623A8C2070820E3C1740634583357B96479B9D652FD12F5DB5C908E5F367E626FC09C
    Malicious:false
    Reputation:unknown
    Preview:[Routing.extent{CRITICAL ENTRY}]..NetDat%001000010110001000000001000101110100000010000111001000010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101001001010101=06744769..

    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

    Download File
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:46:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
    Category:dropped
    Size (bytes):2673
    Entropy (8bit):3.991769917030027
    Encrypted:false
    SSDEEP:
    MD5:73EE049015920066FAF5EE430C3FD453
    SHA1:22CA1EC3550FE8F8125E09258719AE3E75A0A4D3
    SHA-256:F7A4CF588C045411E3B293F5900BF5AB19F966B7435CF9E66041E1D9F40DFCC8
    SHA-512:ABD8B8D648B677D351B35EB51BDAAD301AC24334A21B71D4BFA77B3FE5DE7F84FB9469F951EFDF63A4652EBFA66850719DE553B4E6751CA22C0F3CED4CB476E7
    Malicious:false
    Reputation:unknown
    Preview:L..................F.@.. ...$+.,......x....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

    Download File
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:46:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
    Category:dropped
    Size (bytes):2675
    Entropy (8bit):4.006987332628997
    Encrypted:false
    SSDEEP:
    MD5:5CB665759693FCF42F382DDB0FD382B4
    SHA1:4358C55B46906093CCBE37D7FEB6D1AC5174542B
    SHA-256:5DAC5F6F2DAA3D76621A467C646C1E25140988895816B3E523E9A2012E7EDE75
    SHA-512:2FF2B95D4D0727B54C7F39E33BD42D2F2DA7D5BFC518DC1A228F5D9B8E0A29E9B2B8D17D4A72F7279922CE7CBD7A49F3E9016365CB2FFF8292FDC2BD77153B73
    Malicious:false
    Reputation:unknown
    Preview:L..................F.@.. ...$+.,......l....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

    Download File
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
    Category:dropped
    Size (bytes):2689
    Entropy (8bit):4.013659541083163
    Encrypted:false
    SSDEEP:
    MD5:0C01DF2A44F7134727F0EF0977DA0C4B
    SHA1:4C59DA96C240DBB3B6D0A3292734D0EAB11878ED
    SHA-256:001B46986E80F6334592892BC6D9AFCE35A31D5EFD5A4F8915492F7BA4C92E3F
    SHA-512:737BCA1C21C8B69080871FEDFBA0D2B377DD58C71411EBBD0B2DBF97A5FF43FA8921A15D369099E11AC57FE4C48E20E36F16B48B19B7C89F441E1CA9B0D482FF
    Malicious:false
    Reputation:unknown
    Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

    Download File
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:46:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
    Category:dropped
    Size (bytes):2677
    Entropy (8bit):4.002664782853236
    Encrypted:false
    SSDEEP:
    MD5:9E3B25292A7CED461A2E0C964BBBC193
    SHA1:42A5AF0839A3A20A726EDD2AB677ED4D165AB545
    SHA-256:465C6A88490BFB6F499F21BCFE60E5C5F9F003A764EF5A9EC0114F92FB21A24C
    SHA-512:10B9486EB861F24B80034802DF1B013189B9B9CF1B6781AAE5A14B3E9B72AAA9233E6E9B4677B14A718E0E9B0C9D468E39611C8ACDA55E0C454FEBA6F74F70E4
    Malicious:false
    Reputation:unknown
    Preview:L..................F.@.. ...$+.,.....Pg....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

    Download File
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:46:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
    Category:dropped
    Size (bytes):2677
    Entropy (8bit):3.9932930343181505
    Encrypted:false
    SSDEEP:
    MD5:BFF7EF0D42E1CB5BAC3DDFF863DEB3FD
    SHA1:132C25752F52F1C6D5545EAA659EB36069BC56B6
    SHA-256:D6BA6E7B4869019E67D08423C4324E6F7275A4B20C5466EF045112430FE1D009
    SHA-512:612EF4D95C33C9D97513E7D729180585995322E659B40828B83EBD60EB91F81A018FB36F62600CEB15F92B65C36BD242A064E465FCD5917FC7A4A808F61264A8
    Malicious:false
    Reputation:unknown
    Preview:L..................F.@.. ...$+.,.....^s....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

    Download File
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:46:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
    Category:dropped
    Size (bytes):2679
    Entropy (8bit):4.0054904797431545
    Encrypted:false
    SSDEEP:
    MD5:B86CF2CC345C127C52B9CA5F551FAE59
    SHA1:15C74A933AB802B485E3B93027A1BC3E4EA39F71
    SHA-256:1BA04AF645032FB368DD97139D7A1A833D28C1C840F244F76D2A8FDBD0B9102F
    SHA-512:0C0EC1B134CEC0C0DD614E998582856280E99D3F84E7215257FCA5DB62F51E5219F292450229836326546B36CD0DC4D76FF5F57222659BBC7677274540E2DB85
    Malicious:false
    Reputation:unknown
    Preview:L..................F.@.. ...$+.,......]....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

    C:\Windows\LEADER.MIF

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:ASCII text, with CRLF line terminators
    Category:modified
    Size (bytes):1727
    Entropy (8bit):4.365238203483434
    Encrypted:false
    SSDEEP:
    MD5:A29D8BD89FE69625FF8569B96D8D9184
    SHA1:E30BAAE66E4923F4ECE28FE8590C51E251C4307C
    SHA-256:44A4A2D159BC561C05A36A49129A798AFE16D0FE3FD580921CBC8289796FEA20
    SHA-512:50DA6B9499016AA56B774B336CFA9E9C5A46933D9A4C1C20CA11404844B3510DCDCD8ECFBB840126CE3F6BF916E38A992A07433934DD4816E090F3B7AD93B322
    Malicious:false
    Reputation:unknown
    Preview:START COMPONENT.. NAME = "WORKSTATION".. START GROUP.. NAME = "ComponentID".. ID = 1.. CLASS = "DMTF|ComponentID|1.0".. START ATTRIBUTE.. NAME = "Manufacturer".. ID = 1.. ACCESS = READ-ONLY.. STORAGE = SPECIFIC.. TYPE = STRING(255).. VALUE = "ABS Group".. END ATTRIBUTE.. START ATTRIBUTE.. NAME = "Product".. ID = 2.. ACCESS = READ-ONLY.. STORAGE = SPECIFIC.. TYPE = STRING(255).. VALUE = "LEADER".. END ATTRIBUTE.. START ATTRIBUTE.. NAME = "Version".. ID = 3.. ACCESS = READ-ONLY.. STORAGE = SPECIFIC.. TYPE = STRING(255).. VALUE = "2023".. END ATTRIBUTE.. START ATTRIBUTE.. NAME = "Language".. ID = 4.. ACCESS = READ-ONLY.. STORAGE = SPECIFIC.. TYPE = STRING(255).. VALUE = "English".. END ATTRIBUTE.. START ATTRIBUTE.. NAME = "Serial Number".. ID = 5.. ACCESS = READ-ONLY.. STORAGE = SPECIFIC.. TYPE = STRING(255).

    C:\Windows\SysWOW64\COMDLG32.OCX (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:A47BC9A8FCA2805A9173EBF7439F466E
    SHA1:7BFAC6CA68026A9D29FB76242913F9322FE97FDC
    SHA-256:6885FB86AA15026D16A24828D339280C89B7A6432AE6049E0F84472325B81C4D
    SHA-512:2F9D5B9A2CEA16B28401D29815562A9D54AEDCDDF73D982811111827E4DF03370E284E3324D5124CDE61AB5C60B4B7FBDF32CA616034A6E5DA2811454D9B0D7A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'~S.F...F...F...F...F...@...F...Z...F..Rich.F..........................PE..L......4...........!.....2...t......@........P.....&................................................................0Y..F....T..P....................................................................................P...............................text....1.......2.................. ..`.rdata..v....P.......6..............@..@.data....E...p.......N..............@....rsrc................|..............@..@.reloc..|...........................@..B................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\Comct332.ocx (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:A47BC9A8FCA2805A9173EBF7439F466E
    SHA1:7BFAC6CA68026A9D29FB76242913F9322FE97FDC
    SHA-256:6885FB86AA15026D16A24828D339280C89B7A6432AE6049E0F84472325B81C4D
    SHA-512:2F9D5B9A2CEA16B28401D29815562A9D54AEDCDDF73D982811111827E4DF03370E284E3324D5124CDE61AB5C60B4B7FBDF32CA616034A6E5DA2811454D9B0D7A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'~S.F...F...F...F...F...@...F...Z...F..Rich.F..........................PE..L......4...........!.....2...t......@........P.....&................................................................0Y..F....T..P....................................................................................P...............................text....1.......2.................. ..`.rdata..v....P.......6..............@..@.data....E...p.......N..............@....rsrc................|..............@..@.reloc..|...........................@..B................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\Dblist32.ocx (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:A47BC9A8FCA2805A9173EBF7439F466E
    SHA1:7BFAC6CA68026A9D29FB76242913F9322FE97FDC
    SHA-256:6885FB86AA15026D16A24828D339280C89B7A6432AE6049E0F84472325B81C4D
    SHA-512:2F9D5B9A2CEA16B28401D29815562A9D54AEDCDDF73D982811111827E4DF03370E284E3324D5124CDE61AB5C60B4B7FBDF32CA616034A6E5DA2811454D9B0D7A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'~S.F...F...F...F...F...@...F...Z...F..Rich.F..........................PE..L......4...........!.....2...t......@........P.....&................................................................0Y..F....T..P....................................................................................P...............................text....1.......2.................. ..`.rdata..v....P.......6..............@..@.data....E...p.......N..............@....rsrc................|..............@..@.reloc..|...........................@..B................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\Jbfllf.dll (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:A47BC9A8FCA2805A9173EBF7439F466E
    SHA1:7BFAC6CA68026A9D29FB76242913F9322FE97FDC
    SHA-256:6885FB86AA15026D16A24828D339280C89B7A6432AE6049E0F84472325B81C4D
    SHA-512:2F9D5B9A2CEA16B28401D29815562A9D54AEDCDDF73D982811111827E4DF03370E284E3324D5124CDE61AB5C60B4B7FBDF32CA616034A6E5DA2811454D9B0D7A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'~S.F...F...F...F...F...@...F...Z...F..Rich.F..........................PE..L......4...........!.....2...t......@........P.....&................................................................0Y..F....T..P....................................................................................P...............................text....1.......2.................. ..`.rdata..v....P.......6..............@..@.data....E...p.......N..............@....rsrc................|..............@..@.reloc..|...........................@..B................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\MSCOMCTL.OCX (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:12C2755D14B2E51A4BB5CBDFC22ECB11
    SHA1:33F0F5962DBE0E518FE101FA985158D760F01DF1
    SHA-256:3B6CCDB560D7CD4748E992BD82C799ACD1BBCFC922A13830CA381D976FFCCCAF
    SHA-512:4C9B16FB4D787145F6D65A34E1C4D5C6EB07BFF4C313A35F5EFA9DCE5A840C1DA77338C92346B1AD68EEB59EF37EF18A9D6078673C3543656961E656466699CF
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....<7....PA.....#.........l.......:.......`....X'.........................P.......................................=...............P...Z...........)...............................................................................................text...H........................... ..`.data...xs.......r..................@....rsrc...4\...P...^...0..............@....reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\Mscomct2.ocx (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:A47BC9A8FCA2805A9173EBF7439F466E
    SHA1:7BFAC6CA68026A9D29FB76242913F9322FE97FDC
    SHA-256:6885FB86AA15026D16A24828D339280C89B7A6432AE6049E0F84472325B81C4D
    SHA-512:2F9D5B9A2CEA16B28401D29815562A9D54AEDCDDF73D982811111827E4DF03370E284E3324D5124CDE61AB5C60B4B7FBDF32CA616034A6E5DA2811454D9B0D7A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'~S.F...F...F...F...F...@...F...Z...F..Rich.F..........................PE..L......4...........!.....2...t......@........P.....&................................................................0Y..F....T..P....................................................................................P...............................text....1.......2.................. ..`.rdata..v....P.......6..............@..@.data....E...p.......N..............@....rsrc................|..............@..@.reloc..|...........................@..B................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\Msstdfmt.dll (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:A47BC9A8FCA2805A9173EBF7439F466E
    SHA1:7BFAC6CA68026A9D29FB76242913F9322FE97FDC
    SHA-256:6885FB86AA15026D16A24828D339280C89B7A6432AE6049E0F84472325B81C4D
    SHA-512:2F9D5B9A2CEA16B28401D29815562A9D54AEDCDDF73D982811111827E4DF03370E284E3324D5124CDE61AB5C60B4B7FBDF32CA616034A6E5DA2811454D9B0D7A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'~S.F...F...F...F...F...@...F...Z...F..Rich.F..........................PE..L......4...........!.....2...t......@........P.....&................................................................0Y..F....T..P....................................................................................P...............................text....1.......2.................. ..`.rdata..v....P.......6..............@..@.data....E...p.......N..............@....rsrc................|..............@..@.reloc..|...........................@..B................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\Odbctl32.dll (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:E5AEF09AC350B41FC101C4FAFCF788F8
    SHA1:CFE051BCB50835F6B16B6E45B271DAE443494601
    SHA-256:10DC690CDD8887A5B052DBFE10C5BBA0750465A541A412D516AA0261B0C7DE5A
    SHA-512:DB800E170A915E252BF50C12BD7DC1FD21773607C5C8DB76DA8272B654C7825B056AA5212B4228D54F924CD20C7BE64DEC17B0790B01921DB6FBCF6DB33DB3CC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'~S.F...F...F...F...F...@...F...Z...F..Rich.F..........................PE..L....[Z5...........!.........f...............................................P..........................................,.......P.... ..P....................0..........T............................................................................text...<........................... ..`.rdata...:.......<..................@..@.data...|...........................@....rsrc...P.... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\Richtx32.ocx (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:A47BC9A8FCA2805A9173EBF7439F466E
    SHA1:7BFAC6CA68026A9D29FB76242913F9322FE97FDC
    SHA-256:6885FB86AA15026D16A24828D339280C89B7A6432AE6049E0F84472325B81C4D
    SHA-512:2F9D5B9A2CEA16B28401D29815562A9D54AEDCDDF73D982811111827E4DF03370E284E3324D5124CDE61AB5C60B4B7FBDF32CA616034A6E5DA2811454D9B0D7A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'~S.F...F...F...F...F...@...F...Z...F..Rich.F..........................PE..L......4...........!.....2...t......@........P.....&................................................................0Y..F....T..P....................................................................................P...............................text....1.......2.................. ..`.rdata..v....P.......6..............@..@.data....E...p.......N..............@....rsrc................|..............@..@.reloc..|...........................@..B................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\Tabctl32.ocx (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:A47BC9A8FCA2805A9173EBF7439F466E
    SHA1:7BFAC6CA68026A9D29FB76242913F9322FE97FDC
    SHA-256:6885FB86AA15026D16A24828D339280C89B7A6432AE6049E0F84472325B81C4D
    SHA-512:2F9D5B9A2CEA16B28401D29815562A9D54AEDCDDF73D982811111827E4DF03370E284E3324D5124CDE61AB5C60B4B7FBDF32CA616034A6E5DA2811454D9B0D7A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'~S.F...F...F...F...F...@...F...Z...F..Rich.F..........................PE..L......4...........!.....2...t......@........P.....&................................................................0Y..F....T..P....................................................................................P...............................text....1.......2.................. ..`.rdata..v....P.......6..............@..@.data....E...p.......N..............@....rsrc................|..............@..@.reloc..|...........................@..B................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\Threed32.ocx (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:A47BC9A8FCA2805A9173EBF7439F466E
    SHA1:7BFAC6CA68026A9D29FB76242913F9322FE97FDC
    SHA-256:6885FB86AA15026D16A24828D339280C89B7A6432AE6049E0F84472325B81C4D
    SHA-512:2F9D5B9A2CEA16B28401D29815562A9D54AEDCDDF73D982811111827E4DF03370E284E3324D5124CDE61AB5C60B4B7FBDF32CA616034A6E5DA2811454D9B0D7A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'~S.F...F...F...F...F...@...F...Z...F..Rich.F..........................PE..L......4...........!.....2...t......@........P.....&................................................................0Y..F....T..P....................................................................................P...............................text....1.......2.................. ..`.rdata..v....P.......6..............@..@.data....E...p.......N..............@....rsrc................|..............@..@.reloc..|...........................@..B................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\Vb5db.dll (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:4C6F2D2CE86330335801F2982B26223E
    SHA1:1C23BC50BC023D4FDCAE6C8BCE1BBEAAA4964061
    SHA-256:D7CF39E673A87FAC5D5ABAF81C572D422675B9F0FBE18D4EB4E7C20F3D3038CD
    SHA-512:603816AF478BAC34A0AB25ED67E2018D729D0FD0F48B3AF2B1719E7F9251E613183417B93386932FA7337718B8D24D5BC005D65A9A2B9DC83DFDB2CCAAD1B1AC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....J.5....U......#.........Z......8........@....h..................................................O..................O.......v....`.......................p..........................................................8............................text...r........................... ..`.data...DI.......J..................@....rsrc........`.......L..............@..@.reloc.......p.......R..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\temp.000

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):102912
    Entropy (8bit):6.279860472114475
    Encrypted:false
    SSDEEP:
    MD5:A47BC9A8FCA2805A9173EBF7439F466E
    SHA1:7BFAC6CA68026A9D29FB76242913F9322FE97FDC
    SHA-256:6885FB86AA15026D16A24828D339280C89B7A6432AE6049E0F84472325B81C4D
    SHA-512:2F9D5B9A2CEA16B28401D29815562A9D54AEDCDDF73D982811111827E4DF03370E284E3324D5124CDE61AB5C60B4B7FBDF32CA616034A6E5DA2811454D9B0D7A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'~S.F...F...F...F...F...@...F...Z...F..Rich.F..........................PE..L......4...........!.....2...t......@........P.....&................................................................0Y..F....T..P....................................................................................P...............................text....1.......2.................. ..`.rdata..v....P.......6..............@..@.data....E...p.......N..............@....rsrc................|..............@..@.reloc..|...........................@..B................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\~GLH0003.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
    Category:dropped
    Size (bytes):89360
    Entropy (8bit):5.77619876481194
    Encrypted:false
    SSDEEP:
    MD5:4C6F2D2CE86330335801F2982B26223E
    SHA1:1C23BC50BC023D4FDCAE6C8BCE1BBEAAA4964061
    SHA-256:D7CF39E673A87FAC5D5ABAF81C572D422675B9F0FBE18D4EB4E7C20F3D3038CD
    SHA-512:603816AF478BAC34A0AB25ED67E2018D729D0FD0F48B3AF2B1719E7F9251E613183417B93386932FA7337718B8D24D5BC005D65A9A2B9DC83DFDB2CCAAD1B1AC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....J.5....U......#.........Z......8........@....h..................................................O..................O.......v....`.......................p..........................................................8............................text...r........................... ..`.data...DI.......J..................@....rsrc........`.......L..............@..@.reloc.......p.......R..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\~GLH0004.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):72704
    Entropy (8bit):6.318871962599123
    Encrypted:false
    SSDEEP:
    MD5:E5AEF09AC350B41FC101C4FAFCF788F8
    SHA1:CFE051BCB50835F6B16B6E45B271DAE443494601
    SHA-256:10DC690CDD8887A5B052DBFE10C5BBA0750465A541A412D516AA0261B0C7DE5A
    SHA-512:DB800E170A915E252BF50C12BD7DC1FD21773607C5C8DB76DA8272B654C7825B056AA5212B4228D54F924CD20C7BE64DEC17B0790B01921DB6FBCF6DB33DB3CC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'~S.F...F...F...F...F...@...F...Z...F..Rich.F..........................PE..L....[Z5...........!.........f...............................................P..........................................,.......P.... ..P....................0..........T............................................................................text...<........................... ..`.rdata...:.......<..................@..@.data...|...........................@....rsrc...P.... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\~GLH0005.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
    Category:dropped
    Size (bytes):140288
    Entropy (8bit):6.137883567396153
    Encrypted:false
    SSDEEP:
    MD5:D76F0EAB36F83A31D411AEAF70DA7396
    SHA1:9BC145B54500FB6FBEA9BE61FBDD90F65FD1BC14
    SHA-256:46F4FDB12C30742FF4607876D2F36CF432CDC7EC3D2C99097011448FC57E997C
    SHA-512:9C22BC6B2E7DBCD344809085894B768CFA76E8512062C5BBF3CAEAA2771C6B7CE128BD5A0B6E385A5DA777D0D822A5B2191773CC0DDB05ABE1FA935FA853D79D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....<.6....!......#......................... ....z!.........................0......bS...............................s...............@...............................................................................................................text...L........................... ..`.data........0......................@....rsrc........@.......*..............@....reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\~GLH0006.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:A47BC9A8FCA2805A9173EBF7439F466E
    SHA1:7BFAC6CA68026A9D29FB76242913F9322FE97FDC
    SHA-256:6885FB86AA15026D16A24828D339280C89B7A6432AE6049E0F84472325B81C4D
    SHA-512:2F9D5B9A2CEA16B28401D29815562A9D54AEDCDDF73D982811111827E4DF03370E284E3324D5124CDE61AB5C60B4B7FBDF32CA616034A6E5DA2811454D9B0D7A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'~S.F...F...F...F...F...@...F...Z...F..Rich.F..........................PE..L......4...........!.....2...t......@........P.....&................................................................0Y..F....T..P....................................................................................P...............................text....1.......2.................. ..`.rdata..v....P.......6..............@..@.data....E...p.......N..............@....rsrc................|..............@..@.reloc..|...........................@..B................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\~GLH0007.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
    Category:dropped
    Size (bytes):200496
    Entropy (8bit):6.326671003404017
    Encrypted:false
    SSDEEP:
    MD5:FAE53FAD924A437AF259649419C806E2
    SHA1:AE504AEE64256CAFA9E704F0BE9FC310D31DEB75
    SHA-256:114C72A291F7AC60D74D9F51D5B586915C768A7C19E5412476D0F0DB994DD225
    SHA-512:0259E734C107AE3E58CB39F836539FF31E878DB5E2AD66345DA862ADB8A9CE43AE3FB499F6301B2615E3D6C4AF43896A969A7D54ADF6E4AF815B02B1288399B5
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....R.5....[......#...............................!......................... .......}..............................@.......@...........H............... .......x ..@................................................................................text............................... ..`.data...d...........................@....rsrc...............................@....reloc..x ......."..................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\~GLH0008.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:A47BC9A8FCA2805A9173EBF7439F466E
    SHA1:7BFAC6CA68026A9D29FB76242913F9322FE97FDC
    SHA-256:6885FB86AA15026D16A24828D339280C89B7A6432AE6049E0F84472325B81C4D
    SHA-512:2F9D5B9A2CEA16B28401D29815562A9D54AEDCDDF73D982811111827E4DF03370E284E3324D5124CDE61AB5C60B4B7FBDF32CA616034A6E5DA2811454D9B0D7A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'~S.F...F...F...F...F...@...F...Z...F..Rich.F..........................PE..L......4...........!.....2...t......@........P.....&................................................................0Y..F....T..P....................................................................................P...............................text....1.......2.................. ..`.rdata..v....P.......6..............@..@.data....E...p.......N..............@....rsrc................|..............@..@.reloc..|...........................@..B................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\~GLH0009.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):414944
    Entropy (8bit):5.9709829593117805
    Encrypted:false
    SSDEEP:
    MD5:CD95038AD048A3F498A3C380D2F506E7
    SHA1:CB0DB956731B659A22632C2E5B22B094A94736CD
    SHA-256:16A73A9F6DEBE095DE856F4B050818ADF21509E8655C3D7732DA0C20C3E9B034
    SHA-512:9A6B3CFABF4F824B5BC63874E14A6B60F72B3D65A8B22F4D9E4D747D26B41841D99F89CC82CD8097260CA43B8824BBEAC23B2E2D468C43DB9506AC99D125F7E2
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................e..............................Rich....................PE..L......6...........!.....`...........L.......p.....(.........................p.......%...............................m.......b..(.......Lg...........@....... ..lC..........................................`... .......X............................text...5^.......`.................. ..`.data....7...p.......p..............@....rsrc...Lg.......p..................@..@.reloc..4L... ...P..................@..Bmz.6............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\~GLH000a.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:A47BC9A8FCA2805A9173EBF7439F466E
    SHA1:7BFAC6CA68026A9D29FB76242913F9322FE97FDC
    SHA-256:6885FB86AA15026D16A24828D339280C89B7A6432AE6049E0F84472325B81C4D
    SHA-512:2F9D5B9A2CEA16B28401D29815562A9D54AEDCDDF73D982811111827E4DF03370E284E3324D5124CDE61AB5C60B4B7FBDF32CA616034A6E5DA2811454D9B0D7A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'~S.F...F...F...F...F...@...F...Z...F..Rich.F..........................PE..L......4...........!.....2...t......@........P.....&................................................................0Y..F....T..P....................................................................................P...............................text....1.......2.................. ..`.rdata..v....P.......6..............@..@.data....E...p.......N..............@....rsrc................|..............@..@.reloc..|...........................@..B................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\~GLH000b.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
    Category:dropped
    Size (bytes):645616
    Entropy (8bit):6.462326786301514
    Encrypted:false
    SSDEEP:
    MD5:50E3AF22AC9796658B5C95766357791E
    SHA1:025CFB39303392343F9E1B883137A1256BCB58EE
    SHA-256:A8B56110FF163967F2A574C74BB81BE8BF8D2DE02F9561A88F90CBFB96B1BA9A
    SHA-512:8791AA8E34758D13BDC28886616181C45AB73A51C8B5DE7597B8AE31A4DA8DE808A13A1D4E56889DCD3EDD9DD2A92C89ACED6279A5E24BF80B5172B2818E4F8F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=.6....u(.....#.....<..........h........0....{'................................................................@........+..................................]...*..................................................h............................text...6:.......<.................. ..`.data....c...P...d...B..............@....rsrc...p...........................@....reloc...].......^...f..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\~GLH000c.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:A47BC9A8FCA2805A9173EBF7439F466E
    SHA1:7BFAC6CA68026A9D29FB76242913F9322FE97FDC
    SHA-256:6885FB86AA15026D16A24828D339280C89B7A6432AE6049E0F84472325B81C4D
    SHA-512:2F9D5B9A2CEA16B28401D29815562A9D54AEDCDDF73D982811111827E4DF03370E284E3324D5124CDE61AB5C60B4B7FBDF32CA616034A6E5DA2811454D9B0D7A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'~S.F...F...F...F...F...@...F...Z...F..Rich.F..........................PE..L......4...........!.....2...t......@........P.....&................................................................0Y..F....T..P....................................................................................P...............................text....1.......2.................. ..`.rdata..v....P.......6..............@..@.data....E...p.......N..............@....rsrc................|..............@..@.reloc..|...........................@..B................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\~GLH000d.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):200704
    Entropy (8bit):6.041117183386059
    Encrypted:false
    SSDEEP:
    MD5:A9A7BA22719F38BC03A914F6EE59AF2F
    SHA1:6AB366CF35E8DDB3E12849AEA2C0619F0DCC154B
    SHA-256:A797AB8E214E2CAF89BF54D3D206D8529C56ACE1D3A27B58A8DE90AFB1350289
    SHA-512:48D6956569C514B6F3F5A6A2F4C305D1E02283F2FDC471566A60C878A6D65808336AF0200940EA3C4E9FD0151B43037B3026F18414AE67DFE20F74FC3B8897F8
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....:0...........!.....n..........0z............_..........................`.......]....................................... .......@..H.................... ..8*...................................................'...............................text....l.......n.................. ..`.rdata..Rh.......j...r..............@..@.data...............................@....idata..`.... ......................@....rsrc...H....@......................@..@.reloc..P0... ...2..................@..B................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\~GLH000e.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:A47BC9A8FCA2805A9173EBF7439F466E
    SHA1:7BFAC6CA68026A9D29FB76242913F9322FE97FDC
    SHA-256:6885FB86AA15026D16A24828D339280C89B7A6432AE6049E0F84472325B81C4D
    SHA-512:2F9D5B9A2CEA16B28401D29815562A9D54AEDCDDF73D982811111827E4DF03370E284E3324D5124CDE61AB5C60B4B7FBDF32CA616034A6E5DA2811454D9B0D7A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'~S.F...F...F...F...F...@...F...Z...F..Rich.F..........................PE..L......4...........!.....2...t......@........P.....&................................................................0Y..F....T..P....................................................................................P...............................text....1.......2.................. ..`.rdata..v....P.......6..............@..@.data....E...p.......N..............@....rsrc................|..............@..@.reloc..|...........................@..B................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\~GLH000f.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
    Category:dropped
    Size (bytes):224016
    Entropy (8bit):6.127382876521697
    Encrypted:false
    SSDEEP:
    MD5:DC925B6D77BA9ECB532E2F6750BE943B
    SHA1:F71215E701401F0DD6FE143E3A630B2E168A4FAC
    SHA-256:D10A197FD53E65DC910CA4AED86CB674C613FF14CE6436D1A445BB27A7A499E0
    SHA-512:EE9C40E695A29DE7E7B8A9FE1CA01EBBA9A8BDC199D46D98C71A4E3ECFEC566F2FC31300A5E9867E8C791B15AC3EBEC076F0710E0F6EEC6C3FDEA3BDE37AB171
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G.:@...........#....."...................0..../!.........................@..............................................@........................P....... ......@................................................................................text.... .......0.................. ..`.data....7...@...@...@..............@....rsrc..............................@....reloc....... ... ... ..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\~GLH0010.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:A47BC9A8FCA2805A9173EBF7439F466E
    SHA1:7BFAC6CA68026A9D29FB76242913F9322FE97FDC
    SHA-256:6885FB86AA15026D16A24828D339280C89B7A6432AE6049E0F84472325B81C4D
    SHA-512:2F9D5B9A2CEA16B28401D29815562A9D54AEDCDDF73D982811111827E4DF03370E284E3324D5124CDE61AB5C60B4B7FBDF32CA616034A6E5DA2811454D9B0D7A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'~S.F...F...F...F...F...@...F...Z...F..Rich.F..........................PE..L......4...........!.....2...t......@........P.....&................................................................0Y..F....T..P....................................................................................P...............................text....1.......2.................. ..`.rdata..v....P.......6..............@..@.data....E...p.......N..............@....rsrc................|..............@..@.reloc..|...........................@..B................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\~GLH0011.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
    Category:dropped
    Size (bytes):203976
    Entropy (8bit):6.198400413601315
    Encrypted:false
    SSDEEP:
    MD5:EB4A8F35A70A887FE32F43A3AA7D4E9A
    SHA1:90FEC763EDFB0B0924700BE6B914292C591A152C
    SHA-256:0FB6EAE2AB36CE6CBEB2DFC45AF5DD0C4BB0DC1E59ABEC84DB4E102C3F2B7249
    SHA-512:18D85F9129DA2D6ED88D6C208C7857F04F09BCD81994CC66AB721C704863EE9369F33575C4F36FD7BFAE58E4A6E65C2CB665DCFAE054C9ED773921B3C07DAAFD
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...ay.8...........#.........8..................... ......................... ......................................p...........8...............................4....................................................................................text............................... ..`.data...............................@....rsrc...P...........................@....reloc..4...........................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\~GLH0012.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:A47BC9A8FCA2805A9173EBF7439F466E
    SHA1:7BFAC6CA68026A9D29FB76242913F9322FE97FDC
    SHA-256:6885FB86AA15026D16A24828D339280C89B7A6432AE6049E0F84472325B81C4D
    SHA-512:2F9D5B9A2CEA16B28401D29815562A9D54AEDCDDF73D982811111827E4DF03370E284E3324D5124CDE61AB5C60B4B7FBDF32CA616034A6E5DA2811454D9B0D7A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'~S.F...F...F...F...F...@...F...Z...F..Rich.F..........................PE..L......4...........!.....2...t......@........P.....&................................................................0Y..F....T..P....................................................................................P...............................text....1.......2.................. ..`.rdata..v....P.......6..............@..@.data....E...p.......N..............@....rsrc................|..............@..@.reloc..|...........................@..B................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\~GLH0013.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
    Category:dropped
    Size (bytes):118784
    Entropy (8bit):5.969153911941781
    Encrypted:false
    SSDEEP:
    MD5:92B712DF390367BFA4252A48D9D71D51
    SHA1:417873C8C3F8AEC413CA59DE44D4F560D471520E
    SHA-256:B0980FB78F801A50CC7C5CFB5B653D30C650789F5443A536F05A518DCF4F59A7
    SHA-512:38E119EA005B44CEBFEC6DA4A81AFBCA7A72D54052B8E3B920AF416CF2D87CA9317E3817FDE2175442069173D3AC2BD69BF0BAE700391BC7B813F3C3C78764BF
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\..8...........#................6........0.....$.................................K..............................pF.......`.......p...1...........................0...............................................b..p............................text............ .......... ....... ..`.rdata.......0... ...0..............@..@.data...F....P.......P..............@....idata.......`.......`..............@....rsrc....1...p...@...p..............@....reloc........... ..................@..B................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\~GLH0014.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:A47BC9A8FCA2805A9173EBF7439F466E
    SHA1:7BFAC6CA68026A9D29FB76242913F9322FE97FDC
    SHA-256:6885FB86AA15026D16A24828D339280C89B7A6432AE6049E0F84472325B81C4D
    SHA-512:2F9D5B9A2CEA16B28401D29815562A9D54AEDCDDF73D982811111827E4DF03370E284E3324D5124CDE61AB5C60B4B7FBDF32CA616034A6E5DA2811454D9B0D7A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'~S.F...F...F...F...F...@...F...Z...F..Rich.F..........................PE..L......4...........!.....2...t......@........P.....&................................................................0Y..F....T..P....................................................................................P...............................text....1.......2.................. ..`.rdata..v....P.......6..............@..@.data....E...p.......N..............@....rsrc................|..............@..@.reloc..|...........................@..B................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\~GLH001f.TMP (copy)

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:A47BC9A8FCA2805A9173EBF7439F466E
    SHA1:7BFAC6CA68026A9D29FB76242913F9322FE97FDC
    SHA-256:6885FB86AA15026D16A24828D339280C89B7A6432AE6049E0F84472325B81C4D
    SHA-512:2F9D5B9A2CEA16B28401D29815562A9D54AEDCDDF73D982811111827E4DF03370E284E3324D5124CDE61AB5C60B4B7FBDF32CA616034A6E5DA2811454D9B0D7A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'~S.F...F...F...F...F...@...F...Z...F..Rich.F..........................PE..L......4...........!.....2...t......@........P.....&................................................................0Y..F....T..P....................................................................................P...............................text....1.......2.................. ..`.rdata..v....P.......6..............@..@.data....E...p.......N..............@....rsrc................|..............@..@.reloc..|...........................@..B................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\SysWOW64\~GLH00bd.TMP

    Download File
    Process:C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
    Category:dropped
    Size (bytes):1064456
    Entropy (8bit):6.374228268320011
    Encrypted:false
    SSDEEP:
    MD5:12C2755D14B2E51A4BB5CBDFC22ECB11
    SHA1:33F0F5962DBE0E518FE101FA985158D760F01DF1
    SHA-256:3B6CCDB560D7CD4748E992BD82C799ACD1BBCFC922A13830CA381D976FFCCCAF
    SHA-512:4C9B16FB4D787145F6D65A34E1C4D5C6EB07BFF4C313A35F5EFA9DCE5A840C1DA77338C92346B1AD68EEB59EF37EF18A9D6078673C3543656961E656466699CF
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....<7....PA.....#.........l.......:.......`....X'.........................P.......................................=...............P...Z...........)...............................................................................................text...H........................... ..`.data...xs.......r..................@....rsrc...4\...P...^...0..............@....reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    Chrome Cache Entry: 208

    Download File
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:ASCII text, with very long lines (784)
    Category:downloaded
    Size (bytes):789
    Entropy (8bit):5.152399224741798
    Encrypted:false
    SSDEEP:
    MD5:99E52CD4EAE8D9F51502E9D4C6811822
    SHA1:5465073812A5E238F2EE94CC4D01494B83749844
    SHA-256:82022DE172E035CC6247C8EDE5BE4F8F381A3D3853F7464F8E1BD81E1CF3B2D9
    SHA-512:D3CF4CD2D7A79AF5876770713BCFD0EA3DF9BAAEC5B3BCF799BAB56FDECC9ED898BD7D07D622FB71D18B27EA58F9BDD6D47DD9D3ED660305B28C75B5718549EA
    Malicious:false
    Reputation:unknown
    URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
    Preview:)]}'.["",["nyt connections hints april 26","apple iphone 16 pro max","chicago bears new stadium","puzzle nyt crossword clue","home depot halloween skeleton dog","ravens nfl draft","next gen fallout update","lufthansa 747 rough landing lax"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

    Static File Info

    General

    File type:PE32 executable (GUI) Intel 80386, for MS Windows
    Entropy (8bit):7.997649513723125
    TrID:
    • Win32 Executable (generic) a (10002005/4) 92.68%
    • Wise Installer executable (786502/1) 7.29%
    • Generic Win/DOS Executable (2004/3) 0.02%
    • DOS Executable Generic (2002/1) 0.02%
    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
    File name:LEADER_Setup_2024-03-01.exe
    File size:17'423'501 bytes
    MD5:cec0e50f9de40df587f87c062196880e
    SHA1:3493a1598d40e1895d734811fe5d3bd139c336b3
    SHA256:8a08fb3ae29464fe20a6e9cb38bdaa1a32c5ffb1812b43889f2ee6f403f7a7ad
    SHA512:4f295fa51bc3245aacfecf7c46c6faa18e83b581969bf19eac825a2d8377cedb2ab115d3ce2ff283fadaceb3dd7407f44f3dca835900abb706b5ed275b965acb
    SSDEEP:393216:Mjo/OwH5TLwbHgLcIxkFmYmYJg5DSkySmBbI4355/wB:3mwH5v+gI1FmYRg5DSY4X/A
    TLSH:73073398F4D04B18D2E8B1399EE63F53AFB3C981B0E79E4C7449E5E7C1523A50E105EA
    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........d.....................................V.......n.......V.......Rich....................PE..L......9.................".........

    File Icon

    Icon Hash:292d27864d330e0c

    Static PE Info

    General

    Entrypoint:0x4021af
    Entrypoint Section:.text
    Digitally signed:false
    Imagebase:0x400000
    Subsystem:windows gui
    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP
    DLL Characteristics:
    Time Stamp:0x3905AD98 [Tue Apr 25 14:37:12 2000 UTC]
    TLS Callbacks:
    CLR (.Net) Version:
    OS Version Major:4
    OS Version Minor:0
    File Version Major:4
    File Version Minor:0
    Subsystem Version Major:4
    Subsystem Version Minor:0
    Import Hash:5318cd03ef5b5da86800f1483484cfd0

    Entrypoint Preview

    Instruction
    push ebp
    mov ebp, esp
    sub esp, 0000052Ch
    push ebx
    push esi
    push edi
    push 00000001h
    pop esi
    push 00000004h
    mov dword ptr [ebp-18h], esi
    call dword ptr [00404054h]
    call dword ptr [00404050h]
    mov edi, eax
    mov dword ptr [ebp-0Ch], edi
    mov al, byte ptr [edi]
    cmp al, 22h
    jne 00007F1C09273DE6h
    mov al, byte ptr [edi+01h]
    inc edi
    mov dword ptr [ebp-0Ch], edi
    xor ebx, ebx
    cmp al, bl
    je 00007F1C09273D5Fh
    cmp al, 22h
    je 00007F1C09273D5Bh
    mov al, byte ptr [edi+01h]
    inc edi
    mov dword ptr [ebp-0Ch], edi
    jmp 00007F1C09273D41h
    cmp byte ptr [edi], 00000022h
    jne 00007F1C09273D56h
    inc edi
    mov dword ptr [ebp-0Ch], edi
    cmp byte ptr [edi], 00000020h
    jne 00007F1C09273D5Bh
    inc edi
    cmp byte ptr [edi], 00000020h
    je 00007F1C09273D4Ch
    mov dword ptr [ebp-0Ch], edi
    push ebx
    call dword ptr [0040406Ch]
    cmp byte ptr [edi], 0000002Fh
    mov dword ptr [ebp-08h], eax
    jne 00007F1C09273D7Ah
    mov al, byte ptr [edi+01h]
    cmp al, 53h
    je 00007F1C09273D56h
    cmp al, 73h
    jne 00007F1C09273D58h
    mov dword ptr [00405358h], esi
    mov al, byte ptr [edi+01h]
    cmp al, 4Dh
    je 00007F1C09273D56h
    cmp al, 6Dh
    jne 00007F1C09273D5Eh
    cmp byte ptr [edi+02h], 00000034h
    jne 00007F1C09273D58h
    mov dword ptr [004053ECh], esi
    lea eax, dword ptr [ebp-000003ACh]
    push 00000100h
    push eax
    push dword ptr [ebp-08h]
    call dword ptr [00404068h]
    mov cl, byte ptr [edi]
    mov eax, edi
    cmp cl, bl
    je 00007F1C09273D70h
    cmp cl, 0000007Fh
    je 00007F1C09273D6Bh
    mov cl, byte ptr [eax+01h]
    inc eax
    jmp 00007F1C09273D43h
    xor ebx, ebx
    cmp al, bl
    je 00007F1C09273CDFh
    cmp al, 20h

    Rich Headers

    Programming Language:
    • [EXP] VC++ 6.0 SP5 build 8804
    • [LNK] VC++ 6.0 SP5 build 8804

    Data Directories

    NameVirtual AddressVirtual Size Is in Section
    IMAGE_DIRECTORY_ENTRY_EXPORT0x47100x69.rdata
    IMAGE_DIRECTORY_ENTRY_IMPORT0x41280x64.rdata
    IMAGE_DIRECTORY_ENTRY_RESOURCE0x60000x640.rsrc
    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
    IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
    IMAGE_DIRECTORY_ENTRY_IAT0x40000x128.rdata
    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

    Sections

    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
    .text0x10000x20430x2200761302b39ab31235cd42d0b79170c32aFalse0.6131663602941176data6.0969397214300765IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    .rdata0x40000x7790x800ad7b2bee4063faa2b8395cb0a61a9dbeFalse0.48486328125data4.783466639820325IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .data0x50000x4640x400c7c41671d08e5cd17ae9b12731e3de24False0.501953125DOS executable (block device driver)3.9576586521600507IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .rsrc0x60000x6400x8009388857794faeb46eeb6c1f920434947False0.29296875data2.652743932173284IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

    Resources

    NameRVASizeTypeLanguageCountryZLIB Complexity
    RT_ICON0x60f00x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 512EnglishUnited States0.35618279569892475
    RT_GROUP_ICON0x63d80x14dataEnglishUnited States1.2
    RT_VERSION0x63f00x24cdataEnglishUnited States0.4336734693877551

    Imports

    DLLImport
    KERNEL32.dlllstrcpyA, GetCommandLineA, SetErrorMode, lstrlenA, MulDiv, GetTempFileNameA, GetWindowsDirectoryA, GetModuleFileNameA, GetModuleHandleA, FormatMessageA, lstrcatA, GetLastError, _lwrite, _llseek, GlobalUnlock, _lopen, GlobalAlloc, GlobalFree, _lclose, _lcreat, LoadLibraryA, GetProcAddress, FreeLibrary, OpenFile, GetVersionExA, GetCurrentProcess, WinExec, ExitProcess, _lread, LocalFree, GetTempPathA, GlobalLock
    USER32.dllGetDC, BeginPaint, EndPaint, InvalidateRect, PostQuitMessage, SendMessageA, DefWindowProcA, GetClientRect, CreateWindowExA, DrawTextA, ReleaseDC, SetWindowPos, ShowWindow, UpdateWindow, SetTimer, LoadIconA, wsprintfA, MessageBoxA, ExitWindowsEx, RegisterClassA, LoadCursorA
    GDI32.dllDeleteObject, GetStockObject, GetDeviceCaps, PatBlt, CreateSolidBrush, TextOutA, SetTextColor, SetBkMode, SelectObject, StretchDIBits, CreateFontA, RealizePalette, SelectPalette, CreatePalette
    ADVAPI32.dllOpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA

    Exports

    NameOrdinalAddress
    _MainWndProc@1610x402a09
    _StubFileWrite@1220x402f9f

    Possible Origin

    Language of compilation systemCountry where language is spokenMap
    EnglishUnited States