Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
HABICO116N_2024-04-26_16_58_38.139.zip

Overview

General Information

Sample name:HABICO116N_2024-04-26_16_58_38.139.zip
Analysis ID:1432290
MD5:bf6013620744516862c7e1c8b0d661f4
SHA1:d7100e037f52e2544762678668855129c570ed4f
SHA256:d1eeaa34979a2fb23e94fbcb608a19af38690551e3c6db3790a55c11d8e701ed
Infos:

Detection

Score:88
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Changes security center settings (notifications, updates, antivirus, firewall)
Creates files in alternative data streams (ADS)
Creates files in the system32 config directory
Found direct / indirect Syscall (likely to bypass EDR)
Installs new ROOT certificates
Overwrites Mozilla Firefox settings
Queries disk data (e.g. SMART data)
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect virtualization through RDTSC time measurements
Tries to evade analysis by execution special instruction (VM detection)
Tries to harvest and steal browser information (history, passwords, etc)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Creates a process in suspended mode (likely to inject code)
Creates files inside the driver directory
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Enables driver privileges
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Queries disk information (often used to detect virtual machines)
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Spawns drivers

Classification

Process Tree

  • System is w10x64_ra
  • rundll32.exe (PID: 7040 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • svchost.exe (PID: 3504 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 6180 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • SgrmBroker.exe (PID: 3896 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: 3BA1A18A0DC30A0545E7765CB97D8E63)
  • svchost.exe (PID: 1472 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 6412 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 6568 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • MpCmdRun.exe (PID: 2120 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)
      • conhost.exe (PID: 2092 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 6664 cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • GBPCEF (1).exe (PID: 7100 cmdline: "C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139C:\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exe" MD5: 445FD3F523DBB0ABEF07BAE57EEAA273)
    • GBPCEF (1).exe (PID: 1556 cmdline: "C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139C:\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exe" admin_service MD5: 445FD3F523DBB0ABEF07BAE57EEAA273)
  • GBPCEF (1).exe (PID: 6312 cmdline: "C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139C:\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exe" service_service MD5: 445FD3F523DBB0ABEF07BAE57EEAA273)
    • gbpcefwr64.exe (PID: 1764 cmdline: C:\ProgramData\Temp\gbpcefwr64.exe /verysilent /sp- /norestart /suppressmsgboxes /restartexitcode=3010 /nocancel /accepteula /log="C:\ProgramData\Temp\wslog.dat" MD5: 03FC2E9A9DD01245D1C9C678CAA19D94)
      • gbpcefwr64.tmp (PID: 4204 cmdline: "C:\Windows\TEMP\is-T0PV4.tmp\gbpcefwr64.tmp" /SL5="$303CE,28710489,832512,C:\ProgramData\Temp\gbpcefwr64.exe" /verysilent /sp- /norestart /suppressmsgboxes /restartexitcode=3010 /nocancel /accepteula /log="C:\ProgramData\Temp\wslog.dat" MD5: 6589D4FEDB30987A534406F5785C186A)
        • get_version.exe (PID: 3704 cmdline: "C:\Windows\TEMP\is-5L66I.tmp\get_version.exe" "C:\Program Files\Topaz OFD\Warsaw\features.dat" "C:\Windows\TEMP\is-5L66I.tmp\version.txt" MD5: 48CB673E0AD3A916A4702E6C8E142310)
          • conhost.exe (PID: 4508 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • get_version.exe (PID: 68 cmdline: "C:\Windows\TEMP\is-5L66I.tmp\get_version.exe" "C:\Windows\system32\config\systemprofile\AppData\Local\Topaz OFD\Warsaw\features.dat" "C:\Windows\TEMP\is-5L66I.tmp\version.txt" MD5: 48CB673E0AD3A916A4702E6C8E142310)
          • conhost.exe (PID: 5968 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 6288 cmdline: "C:\Windows\system32\cmd.exe" /C WMIC PROCESS WHERE "ExecutablePath like 'C:\\Program Files\\Topaz OFD\\%'" DELETE MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 6308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • WMIC.exe (PID: 6176 cmdline: WMIC PROCESS WHERE "ExecutablePath like 'C:\\Program Files\\Topaz OFD\\%'" DELETE MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
        • cmd.exe (PID: 6820 cmdline: "C:\Windows\system32\cmd.exe" /C WMIC PROCESS WHERE "ExecutablePath like 'C:\\Program Files\\Topaz OFD\\Warsaw\\%'" DELETE MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 6840 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • WMIC.exe (PID: 5924 cmdline: WMIC PROCESS WHERE "ExecutablePath like 'C:\\Program Files\\Topaz OFD\\Warsaw\\%'" DELETE MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
        • cmd.exe (PID: 2912 cmdline: "C:\Windows\system32\cmd.exe" /C WMIC PROCESS WHERE "ExecutablePath like 'C:\\Program Files (x86)\\Topaz OFD\\Warsaw\\%'" DELETE MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 3292 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • WMIC.exe (PID: 3720 cmdline: WMIC PROCESS WHERE "ExecutablePath like 'C:\\Program Files (x86)\\Topaz OFD\\Warsaw\\%'" DELETE MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
        • _setup64.tmp (PID: 3224 cmdline: helper 105 0x604 MD5: E4211D6D009757C078A9FAC7FF4F03D4)
          • conhost.exe (PID: 1920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • wstlcup.exe (PID: 2408 cmdline: "C:\Program Files\Topaz OFD\Warsaw\wstlcup.exe" MD5: 01ECAA29A7BCB0136F085C510806F16B)
        • corefixer.exe (PID: 2604 cmdline: "C:\Windows\TEMP\is-5L66I.tmp\corefixer.exe" /nocert MD5: 8C6B2A55BC6360F4F5EA5F5049A19065)
        • core.exe (PID: 2240 cmdline: "C:\Program Files\Topaz OFD\Warsaw\core.exe" --install-service MD5: 6178A839082F65CA09FBF5F46875A771)
        • sc.exe (PID: 3568 cmdline: "sc.exe" start "Warsaw Technology" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • conhost.exe (PID: 3724 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 4348 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Windows\TEMP\is-5L66I.tmp\check_core.bat MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 4332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • cmd.exe (PID: 2748 cmdline: cmd /c tasklist /? MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • tasklist.exe (PID: 4060 cmdline: tasklist /? MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
          • tasklist.exe (PID: 1980 cmdline: tasklist /FI "imagename eq core.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
          • find.exe (PID: 4516 cmdline: find /C "core.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
        • cmd.exe (PID: 2720 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Windows\TEMP\is-5L66I.tmp\check_core.bat MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 5156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • cmd.exe (PID: 3904 cmdline: cmd /c tasklist /? MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • tasklist.exe (PID: 1596 cmdline: tasklist /? MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
          • tasklist.exe (PID: 5504 cmdline: tasklist /FI "imagename eq core.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
          • find.exe (PID: 6004 cmdline: find /C "core.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
  • core.exe (PID: 3636 cmdline: "C:\Program Files\Topaz OFD\Warsaw\core.exe" MD5: 6178A839082F65CA09FBF5F46875A771)
    • core.exe (PID: 4464 cmdline: C:\Program Files\Topaz OFD\Warsaw\core.exe MD5: 6178A839082F65CA09FBF5F46875A771)
    • wsffcmgr64.exe (PID: 6716 cmdline: "C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exe" MD5: 27715128D3D87A927F30C77BDC00F473)
    • wsffcmgr64.exe (PID: 2656 cmdline: "C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exe" MD5: 27715128D3D87A927F30C77BDC00F473)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Modification of IE Registry Settings
Source: Registry Key setAuthor: frack113: Data: Details: 128, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exe, ProcessId: 6312, TargetObject: HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
Sigma detected: Potential Execution of Sysinternals Tools
Source: Process startedAuthor: Markus Neis: Data: Command: C:\ProgramData\Temp\gbpcefwr64.exe /verysilent /sp- /norestart /suppressmsgboxes /restartexitcode=3010 /nocancel /accepteula /log="C:\ProgramData\Temp\wslog.dat", CommandLine: C:\ProgramData\Temp\gbpcefwr64.exe /verysilent /sp- /norestart /suppressmsgboxes /restartexitcode=3010 /nocancel /accepteula /log="C:\ProgramData\Temp\wslog.dat", CommandLine|base64offset|contains: z{, Image: C:\ProgramData\Temp\gbpcefwr64.exe, NewProcessName: C:\ProgramData\Temp\gbpcefwr64.exe, OriginalFileName: C:\ProgramData\Temp\gbpcefwr64.exe, ParentCommandLine: "C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139C:\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exe" service_service, ParentImage: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exe, ParentProcessId: 6312, ParentProcessName: GBPCEF (1).exe, ProcessCommandLine: C:\ProgramData\Temp\gbpcefwr64.exe /verysilent /sp- /norestart /suppressmsgboxes /restartexitcode=3010 /nocancel /accepteula /log="C:\ProgramData\Temp\wslog.dat", ProcessId: 1764, ProcessName: gbpcefwr64.exe
Sigma detected: Windows Processes Suspicious Parent Directory
Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 656, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 3504, ProcessName: svchost.exe

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw:z2fzaw5z
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\unins000.dat
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-JM0P7.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-QJ10O.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-AIIPN.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-LK6MP.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-JNP9A.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-GS9C6.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-0U1PU.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-46BQS.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-3HLCR.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-4828T.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-UNS0G.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-EP3EK.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-RQIEJ.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-4BMCK.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-EOEQ4.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-HB8HP.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-V4FD9.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-7NOH4.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-A4G7I.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-CD182.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-LS2RM.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-DMHK4.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-G54TJ.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-1OSP7.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-S5H0H.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-PREND.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-TL64V.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-FLHH1.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-761MJ.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-4JF0M.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-DJ7QD.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-PGQV8.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-FAMCK.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-46HPO.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-K8UEM.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-M3NNI.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-KS05A.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-PQ4GA.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-EN56H.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-2F7HQ.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-SELNG.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-M4GM5.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-7N3QM.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-1299M.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-919DS.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-H1A10.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-S0KNU.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-KOOUU.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-0MV76.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-NMSAK.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-F5AV1.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-F3DLB.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-HV2M7.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-SSPGO.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-AGO4M.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-H8NKL.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-MPT1M.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-UJ7L5.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-7TIHM.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-7EU8J.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-RAB4C.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-SRETI.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-HFR2O.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-DUU0T.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-L4JD0.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-517JO.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-8438K.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-NG6HC.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-19RUB.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-T585E.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-A3J84.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-KDOHO.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-610F5.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-2OJ4D.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-RDFPT.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-243TO.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-TS8A4.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-OP56C.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-P50AP.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-I85L4.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-PRSE3.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-7V354.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-9KKRG.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-175RL.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-FTTDO.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-TB7UC.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-2MC0P.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-RFLP3.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-JAPFR.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-Q6IJT.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-7GP3D.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-P3DP5.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-SF2F5.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-H2KBE.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-7PA03.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-V2BBJ.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-DI3QD.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-JAUEN.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-HBD7J.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-TUF46.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-9POKC.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-QNGBI.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-E4NUM.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-D8QQL.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-SB1JP.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-2G5JK.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-FMBU4.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-B7FAP.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-KNR3D.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-BH3SO.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-HQTIK.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-G4AKA.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-69J1V.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-F090J.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-61PSV.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-D55QV.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-VOV28.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-B3OT0.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-0VCHS.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-LSJ6G.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-P2IB0.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-BI5Q3.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-S3S2M.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-UCIJQ.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-C26N7.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-3NU1J.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-QLOJM.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-O735A.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-J9SHO.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-SGQL5.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-BTL0H.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-1IJSL.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-BETPD.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-KM4QE.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-KJRLU.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-R6OEI.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-CK4LU.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-2LNO6.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-ISCLI.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-PH93P.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-9V2J4.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-VF293.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-P7A57.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-T08P3.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-HAU0N.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-2HSS0.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-GA6EL.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-91AV8.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-44GIE.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-S9VJJ.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-GQHVJ.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-J5PQV.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-8V501.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-C7O6K.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-8P99Q.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-BRS51.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-TIL59.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-OLVVS.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-7V331.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-ACRA5.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-OI81U.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-LCHU2.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-MPU51.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-DG9B3.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-ICFPN.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-EG0JV.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-3BFDH.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-A46SK.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-L47KC.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-LEC8A.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-NOFUA.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-9Q97G.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-QIHTM.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-L8OLS.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-LPAT3.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-2A08E.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-81M5D.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\unins000.msg
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDirectory created: C:\Program Files\Topaz OFD\Warsaw:oyhagmu138iahnc
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDirectory created: C:\Program Files\Topaz OFD\Warsaw\opt
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDirectory created: C:\Program Files\Topaz OFD\Warsaw\msvcp120.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDirectory created: C:\Program Files\Topaz OFD\Warsaw\msvcr120.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDirectory created: C:\Program Files\Topaz OFD\Warsaw\wsaxbco.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDirectory created: C:\Program Files\Topaz OFD\Warsaw\local.data
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDirectory created: C:\Program Files\Topaz OFD\Warsaw:bmh6Lm9wemo
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDirectory created: C:\Program Files\Topaz OFD\Warsaw\ws.datr
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDirectory created: C:\Program Files\Mozilla Firefox\defaults\pref\autoconf_warsaw.js
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDirectory created: C:\Program Files\Topaz OFD\Warsaw\ws.dat
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1
Source: unknownHTTPS traffic detected: 13.32.87.91:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.64.174.114:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeFile opened: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeFile opened: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeFile opened: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeFile opened: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeFile opened: C:\Users\user\
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeFile opened: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: dn.gastecnologia.com.br
Source: global trafficDNS traffic detected: DNS query: cloud.gastecnologia.com.br
Source: global trafficDNS traffic detected: DNS query: cef.dnofd.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: unknownHTTPS traffic detected: 13.32.87.91:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.64.174.114:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeFile created: C:\ProgramData\Temp\cert_temp\cert2.cerJump to dropped file
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeFile created: C:\ProgramData\Temp\_cd\8709caecdc1b32d6decf74ca8a4fd123.wtcfJump to dropped file
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeFile created: C:\ProgramData\Temp\_cd\88561e6508a6a0d226eac047f2994a11.wtcfJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\System32\drivers\is-VGUV7.tmpJump to dropped file
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AF0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AF0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AE0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AE0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AD0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AD0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AC0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AC0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AB0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AB0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AA0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AA0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A90000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A90000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A80000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A80000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A70000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A70000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A60000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A60000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A50000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A50000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A40000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A40000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A30000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A30000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A20000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A20000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A10000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A10000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A00000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A00000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AF0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AF0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AE0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AE0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AD0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AD0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AC0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AC0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AB0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AB0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AA0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AA0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A90000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A90000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A80000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A80000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A70000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A70000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A60000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A60000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A50000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A50000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A40000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A40000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A30000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A30000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A20000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A20000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A10000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A10000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A00000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A00000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AF0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AF0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AE0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AE0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AD0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AD0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AC0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AC0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AB0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AB0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AA0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71AA0000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A90000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A90000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A80000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A80000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A70000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A70000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A60000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A60000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A50000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A50000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A40000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A40000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A30000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A30000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A20000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A20000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A10000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A10000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A00000 page execute and read and write
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMemory allocated: 71A00000 page execute and read and write
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\system32\drivers\is-RQ3BD.tmp
Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Programs
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Programs\Common
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\SysWOW64\config\systemprofile\Saved Games
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\system32\drivers\is-RQ3BD.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\system32\drivers\is-QRBJL.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\system32\drivers\is-NNSG7.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\system32\drivers\is-VGUV7.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\system32\drivers\is-DAPBJ.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\system32\drivers\is-O3BFN.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Fonts\is-01DD9.tmp
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Topaz OFD
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Topaz OFD\Warsaw
Source: C:\ProgramData\Temp\gbpcefwr64.exeFile deleted: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeProcess token adjusted: Load Driver
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDriver loaded: \registry\machine\SYSTEM\CurrentControlSet\Services\warsaw_injector
Source: classification engineClassification label: mal88.phis.spyw.evad.winZIP@80/336@3/19
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\deprecated.cookie
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1920:120:WilError_03
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMutant created: \Sessions\1\BaseNamedObjects\mchMixCache$11d7a18$1bbc
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMutant created: \Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00000614, API $75730bd0
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeMutant created: \Sessions\1\BaseNamedObjects\Global\WS_NBCE4DBB1
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMutant created: \BaseNamedObjects\mchMixCache$11d7a18$18a8
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMutant created: \Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001bbc, API $757316c0
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMutant created: \BaseNamedObjects\Mutex, mAH, Process $000018a8, API $7572f3a0
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:2092:120:WilError_03
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMutant created: \Sessions\1\BaseNamedObjects\mchMixCache$11d7a18$614
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMutant created: \Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001bbc, API $71ac0000
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMutant created: \BaseNamedObjects\Mutex, mAH, Process $000018a8, API $75730bd0
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6308:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5156:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6840:120:WilError_03
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMutant created: \BaseNamedObjects\Mutex, mAH, Process $000018a8, API $71ac0000
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMutant created: \Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001bbc, API $75731620
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMutant created: \Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00000614, API $75731620
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4508:120:WilError_03
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMutant created: \BaseNamedObjects\Global\HDA_SYNC_TASK_MUTEX_
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4332:120:WilError_03
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeMutant created: \BaseNamedObjects\Global\WS_N39B5D60D
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMutant created: \Sessions\1\BaseNamedObjects\Global\HDA_INSTANCE_CONTROL_user_1
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5968:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3292:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3724:120:WilError_03
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMutant created: \Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00000614, API $757316c0
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMutant created: \BaseNamedObjects\Mutex, mAH, Process $000018a8, API $75731620
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeMutant created: \Sessions\1\BaseNamedObjects\Global\wdm203r328905694
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMutant created: \Sessions\1\BaseNamedObjects\Global\HDA_INSTANCE_CONTROL_user_0
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMutant created: \Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00000614, API $71ac0000
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeMutant created: \Sessions\1\BaseNamedObjects\Global\WS_N1D1A924E
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMutant created: \Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001bbc, API $75730bd0
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMutant created: \Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00000614, API $7572f3a0
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMutant created: \Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001bbc, API $7572f3a0
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMutant created: \BaseNamedObjects\Mutex, mAH, Process $000018a8, API $757316c0
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeMutant created: \BaseNamedObjects\Global\HDA_INSTANCE_CONTROL_SYSTEM_1
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeFile created: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\Instala o do M dulo Adicional de Seguran a CAIXA.log
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\TEMP\is-5L66I.tmp\check_core.bat
Source: C:\ProgramData\Temp\gbpcefwr64.exeKey opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
Source: C:\ProgramData\Temp\gbpcefwr64.exeKey opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpKey opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpKey opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ProcessId, Name, Description, ExecutablePath FROM Win32_Process WHERE Name LIKE "%firefox.exe"
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ProcessId, Name, Description, ExecutablePath FROM Win32_Process WHERE Name LIKE "%firefox.exe"
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ProcessId, Name, Description, ExecutablePath FROM Win32_Process WHERE Name LIKE "%firefox.exe"
Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Process WHERE ExecutablePath like 'C:\\Program Files\\Topaz OFD\\%'
Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Process WHERE ExecutablePath like 'C:\\Program Files\\Topaz OFD\\Warsaw\\%'
Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Process WHERE ExecutablePath like 'C:\\Program Files (x86)\\Topaz OFD\\Warsaw\\%'
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ProcessId, Name, Description, ExecutablePath FROM Win32_Process WHERE Name LIKE "%firefox.exe"
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ProcessId, Name, Description, ExecutablePath FROM Win32_Process WHERE Name LIKE "%firefox.exe"
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ProcessId, Name, Description, ExecutablePath FROM Win32_Process WHERE Name LIKE "%firefox.exe"
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ProcessId, Name, Description, ExecutablePath FROM Win32_Process WHERE Name LIKE "%firefox.exe"
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ProcessId, Name, Description, ExecutablePath FROM Win32_Process WHERE Name LIKE "%firefox.exe"
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ProcessId, Name, Description, ExecutablePath FROM Win32_Process WHERE Name LIKE "%firefox.exe"
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'CORE.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'CORE.EXE'
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ProcessId, Name, Description, ExecutablePath FROM Win32_Process WHERE Name LIKE "%firefox.exe"
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ProcessId, Name, Description, ExecutablePath FROM Win32_Process WHERE Name LIKE "%firefox.exe"
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ProcessId, Name, Description, ExecutablePath FROM Win32_Process WHERE Name LIKE "%firefox.exe"
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ProcessId, Name, Description, ExecutablePath FROM Win32_Process WHERE Name LIKE "%firefox.exe"
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ProcessId, Name, Description, ExecutablePath FROM Win32_Process WHERE Name LIKE "%firefox.exe"
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ProcessId, Name, Description, ExecutablePath FROM Win32_Process WHERE Name LIKE "%firefox.exe"
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ProcessId, Name, Description, ExecutablePath FROM Win32_Process WHERE Name LIKE "%firefox.exe"
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ProcessId, Name, Description, ExecutablePath FROM Win32_Process WHERE Name LIKE "%firefox.exe"
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ProcessId, Name, Description, ExecutablePath FROM Win32_Process WHERE Name LIKE "%firefox.exe"
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeFile read: C:\Users\user\Desktop\desktop.ini
Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exe "C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139C:\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exe"
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeProcess created: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exe "C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139C:\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exe" admin_service
Source: unknownProcess created: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exe "C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139C:\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exe" service_service
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: unknownProcess created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k UnistackSvcGroup
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeProcess created: C:\ProgramData\Temp\gbpcefwr64.exe C:\ProgramData\Temp\gbpcefwr64.exe /verysilent /sp- /norestart /suppressmsgboxes /restartexitcode=3010 /nocancel /accepteula /log="C:\ProgramData\Temp\wslog.dat"
Source: C:\ProgramData\Temp\gbpcefwr64.exeProcess created: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp "C:\Windows\TEMP\is-T0PV4.tmp\gbpcefwr64.tmp" /SL5="$303CE,28710489,832512,C:\ProgramData\Temp\gbpcefwr64.exe" /verysilent /sp- /norestart /suppressmsgboxes /restartexitcode=3010 /nocancel /accepteula /log="C:\ProgramData\Temp\wslog.dat"
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Windows\Temp\is-5L66I.tmp\get_version.exe "C:\Windows\TEMP\is-5L66I.tmp\get_version.exe" "C:\Program Files\Topaz OFD\Warsaw\features.dat" "C:\Windows\TEMP\is-5L66I.tmp\version.txt"
Source: C:\Windows\Temp\is-5L66I.tmp\get_version.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Windows\Temp\is-5L66I.tmp\get_version.exe "C:\Windows\TEMP\is-5L66I.tmp\get_version.exe" "C:\Windows\system32\config\systemprofile\AppData\Local\Topaz OFD\Warsaw\features.dat" "C:\Windows\TEMP\is-5L66I.tmp\version.txt"
Source: C:\Windows\Temp\is-5L66I.tmp\get_version.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /C WMIC PROCESS WHERE "ExecutablePath like 'C:\\Program Files\\Topaz OFD\\%'" DELETE
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe WMIC PROCESS WHERE "ExecutablePath like 'C:\\Program Files\\Topaz OFD\\%'" DELETE
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /C WMIC PROCESS WHERE "ExecutablePath like 'C:\\Program Files\\Topaz OFD\\Warsaw\\%'" DELETE
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe WMIC PROCESS WHERE "ExecutablePath like 'C:\\Program Files\\Topaz OFD\\Warsaw\\%'" DELETE
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /C WMIC PROCESS WHERE "ExecutablePath like 'C:\\Program Files (x86)\\Topaz OFD\\Warsaw\\%'" DELETE
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe WMIC PROCESS WHERE "ExecutablePath like 'C:\\Program Files (x86)\\Topaz OFD\\Warsaw\\%'" DELETE
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Windows\Temp\is-5L66I.tmp\_isetup\_setup64.tmp helper 105 0x604
Source: C:\Windows\Temp\is-5L66I.tmp\_isetup\_setup64.tmpProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Program Files\Topaz OFD\Warsaw\wstlcup.exe "C:\Program Files\Topaz OFD\Warsaw\wstlcup.exe"
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Windows\Temp\is-5L66I.tmp\corefixer.exe "C:\Windows\TEMP\is-5L66I.tmp\corefixer.exe" /nocert
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeProcess created: C:\ProgramData\Temp\gbpcefwr64.exe C:\ProgramData\Temp\gbpcefwr64.exe /verysilent /sp- /norestart /suppressmsgboxes /restartexitcode=3010 /nocancel /accepteula /log="C:\ProgramData\Temp\wslog.dat"
Source: C:\ProgramData\Temp\gbpcefwr64.exeProcess created: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp "C:\Windows\TEMP\is-T0PV4.tmp\gbpcefwr64.tmp" /SL5="$303CE,28710489,832512,C:\ProgramData\Temp\gbpcefwr64.exe" /verysilent /sp- /norestart /suppressmsgboxes /restartexitcode=3010 /nocancel /accepteula /log="C:\ProgramData\Temp\wslog.dat"
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Program Files\Topaz OFD\Warsaw\core.exe "C:\Program Files\Topaz OFD\Warsaw\core.exe" --install-service
Source: unknownProcess created: C:\Program Files\Topaz OFD\Warsaw\core.exe "C:\Program Files\Topaz OFD\Warsaw\core.exe"
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Windows\System32\sc.exe "sc.exe" start "Warsaw Technology"
Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\TEMP\is-5L66I.tmp\check_core.bat
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c tasklist /?
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /?
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "imagename eq core.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /C "core.exe"
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeProcess created: C:\Program Files\Topaz OFD\Warsaw\core.exe C:\Program Files\Topaz OFD\Warsaw\core.exe
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Windows\Temp\is-5L66I.tmp\get_version.exe "C:\Windows\TEMP\is-5L66I.tmp\get_version.exe" "C:\Program Files\Topaz OFD\Warsaw\features.dat" "C:\Windows\TEMP\is-5L66I.tmp\version.txt"
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Windows\Temp\is-5L66I.tmp\get_version.exe "C:\Windows\TEMP\is-5L66I.tmp\get_version.exe" "C:\Windows\system32\config\systemprofile\AppData\Local\Topaz OFD\Warsaw\features.dat" "C:\Windows\TEMP\is-5L66I.tmp\version.txt"
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /C WMIC PROCESS WHERE "ExecutablePath like 'C:\\Program Files\\Topaz OFD\\%'" DELETE
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /C WMIC PROCESS WHERE "ExecutablePath like 'C:\\Program Files\\Topaz OFD\\Warsaw\\%'" DELETE
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /C WMIC PROCESS WHERE "ExecutablePath like 'C:\\Program Files (x86)\\Topaz OFD\\Warsaw\\%'" DELETE
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Windows\Temp\is-5L66I.tmp\_isetup\_setup64.tmp helper 105 0x604
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\TEMP\is-5L66I.tmp\check_core.bat
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe WMIC PROCESS WHERE "ExecutablePath like 'C:\\Program Files\\Topaz OFD\\%'" DELETE
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c tasklist /?
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /?
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "imagename eq core.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /C "core.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe WMIC PROCESS WHERE "ExecutablePath like 'C:\\Program Files\\Topaz OFD\\Warsaw\\%'" DELETE
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe WMIC PROCESS WHERE "ExecutablePath like 'C:\\Program Files (x86)\\Topaz OFD\\Warsaw\\%'" DELETE
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeProcess created: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exe "C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exe"
Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Program Files\Topaz OFD\Warsaw\wstlcup.exe "C:\Program Files\Topaz OFD\Warsaw\wstlcup.exe"
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Windows\Temp\is-5L66I.tmp\corefixer.exe "C:\Windows\TEMP\is-5L66I.tmp\corefixer.exe" /nocert
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Program Files\Topaz OFD\Warsaw\core.exe "C:\Program Files\Topaz OFD\Warsaw\core.exe" --install-service
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Windows\System32\sc.exe "sc.exe" start "Warsaw Technology"
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\TEMP\is-5L66I.tmp\check_core.bat
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\TEMP\is-5L66I.tmp\check_core.bat
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeProcess created: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exe "C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exe"
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeProcess created: C:\Program Files\Topaz OFD\Warsaw\core.exe C:\Program Files\Topaz OFD\Warsaw\core.exe
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeProcess created: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exe "C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c tasklist /?
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "imagename eq core.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /C "core.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /?
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c tasklist /?
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "imagename eq core.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /C "core.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /?
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeProcess created: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exe "C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exe"
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: moshost.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mapsbtsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mosstorage.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bcp47langs.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mapconfiguration.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: storsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: devobj.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fltlib.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bcd.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wer.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cabinet.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: storageusage.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: usosvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: updatepolicy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cabinet.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: taskschd.dll
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: upshared.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: usocoreps.dll
Source: C:\Windows\System32\svchost.exeSection loaded: usoapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: aphostservice.dll
Source: C:\Windows\System32\svchost.exeSection loaded: networkhelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userdataplatformhelperutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mccspal.dll
Source: C:\Windows\System32\svchost.exeSection loaded: syncutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: syncutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vaultcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dmcfgutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dmcmnutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dmxmlhelputils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exeSection loaded: inproclogger.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exeSection loaded: windows.networking.connectivity.dll
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exeSection loaded: synccontroller.dll
Source: C:\Windows\System32\svchost.exeSection loaded: pimstore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: aphostclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: accountaccessor.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dsclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exeSection loaded: systemeventsbrokerclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userdatalanguageutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mccsengineshared.dll
Source: C:\Windows\System32\svchost.exeSection loaded: pimstore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cemapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userdatatypehelperutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: phoneutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: cryptsp.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: rsaenh.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: credui.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: msimg32.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: netapi32.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: msasn1.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: version.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: wininet.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: wsock32.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: textshaping.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: textinputframework.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: coremessaging.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: edputil.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: urlmon.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: iertutil.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: srvcli.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: netutils.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: appresolver.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: slc.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: sppc.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: mpr.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: pcacli.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: sfc_os.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: mscms.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: coloradapterclient.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: firewallapi.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: dnsapi.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: fwbase.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: winhttp.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: mswsock.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: winnsi.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: dpapi.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: schannel.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: ntasn1.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: gpapi.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: ncrypt.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: cryptsp.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: rsaenh.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: credui.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: msimg32.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: netapi32.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: msasn1.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: version.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: wininet.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: wsock32.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: cryptsp.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: rsaenh.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: credui.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: msimg32.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: netapi32.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: msasn1.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: version.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: wininet.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: wsock32.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: winsta.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: firewallapi.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: dnsapi.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: fwbase.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: gpapi.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeSection loaded: apphelp.dll
Source: C:\ProgramData\Temp\gbpcefwr64.exeSection loaded: version.dll
Source: C:\ProgramData\Temp\gbpcefwr64.exeSection loaded: netapi32.dll
Source: C:\ProgramData\Temp\gbpcefwr64.exeSection loaded: netutils.dll
Source: C:\ProgramData\Temp\gbpcefwr64.exeSection loaded: uxtheme.dll
Source: C:\ProgramData\Temp\gbpcefwr64.exeSection loaded: apphelp.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: mpr.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: version.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: netapi32.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: winhttp.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: netutils.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: uxtheme.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: kernel.appcore.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: wtsapi32.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: winsta.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: textinputframework.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: coreuicomponents.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: coremessaging.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: ntmarta.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: coremessaging.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: wintypes.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: wintypes.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: wintypes.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: windows.storage.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: wldp.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: profapi.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: shfolder.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: apphelp.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: textshaping.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: wbemcomn.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: sxs.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: napinsp.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: pnrpnsp.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: wshbth.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: nlaapi.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: iphlpapi.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: mswsock.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: dnsapi.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: winrnr.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: fwpuclnt.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: rasadhlp.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: amsi.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: userenv.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: napinsp.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: pnrpnsp.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: wshbth.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: nlaapi.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: winrnr.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: fwpuclnt.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: dwmapi.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: napinsp.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: pnrpnsp.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: wshbth.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: nlaapi.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: winrnr.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: fwpuclnt.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: sspicli.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: explorerframe.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: sfc.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: sfc_os.dll
Source: C:\Windows\Temp\is-5L66I.tmp\get_version.exeSection loaded: apphelp.dll
Source: C:\Windows\Temp\is-5L66I.tmp\get_version.exeSection loaded: cryptsp.dll
Source: C:\Windows\Temp\is-5L66I.tmp\get_version.exeSection loaded: rsaenh.dll
Source: C:\Windows\Temp\is-5L66I.tmp\get_version.exeSection loaded: cryptbase.dll
Source: C:\Windows\Temp\is-5L66I.tmp\get_version.exeSection loaded: cryptsp.dll
Source: C:\Windows\Temp\is-5L66I.tmp\get_version.exeSection loaded: rsaenh.dll
Source: C:\Windows\Temp\is-5L66I.tmp\get_version.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Windows\Temp\is-5L66I.tmp\_isetup\_setup64.tmpSection loaded: ntmarta.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: dwrite.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: firewallapi.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: fwbase.dll
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpSection loaded: fwpolicyiomgr.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: mpclient.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: secur32.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: sspicli.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: version.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: msasn1.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: userenv.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: gpapi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: wbemcomn.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: amsi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: profapi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: wscapi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: urlmon.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: iertutil.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: srvcli.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: netutils.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: slc.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: sppc.dll
Source: C:\Program Files\Topaz OFD\Warsaw\wstlcup.exeSection loaded: apphelp.dll
Source: C:\Program Files\Topaz OFD\Warsaw\wstlcup.exeSection loaded: msasn1.dll
Source: C:\Program Files\Topaz OFD\Warsaw\wstlcup.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\Temp\is-5L66I.tmp\corefixer.exeSection loaded: apphelp.dll
Source: C:\Windows\Temp\is-5L66I.tmp\corefixer.exeSection loaded: ntmarta.dll
Source: C:\Windows\Temp\is-5L66I.tmp\corefixer.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\Temp\is-5L66I.tmp\corefixer.exeSection loaded: uxtheme.dll
Source: C:\Windows\Temp\is-5L66I.tmp\corefixer.exeSection loaded: firewallapi.dll
Source: C:\Windows\Temp\is-5L66I.tmp\corefixer.exeSection loaded: dnsapi.dll
Source: C:\Windows\Temp\is-5L66I.tmp\corefixer.exeSection loaded: iphlpapi.dll
Source: C:\Windows\Temp\is-5L66I.tmp\corefixer.exeSection loaded: fwbase.dll
Source: C:\Windows\Temp\is-5L66I.tmp\corefixer.exeSection loaded: fwpolicyiomgr.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: userenv.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: wtsapi32.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: msvcp140.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: vcruntime140.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: vcruntime140_1.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: vcruntime140.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: vcruntime140_1.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: msasn1.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: cryptsp.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: rsaenh.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: cryptbase.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: windows.storage.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: wldp.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: userenv.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: wtsapi32.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: msvcp140.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: vcruntime140.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: vcruntime140_1.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: vcruntime140.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: vcruntime140_1.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: msasn1.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: cryptsp.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: rsaenh.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: cryptbase.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: windows.storage.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: wldp.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: gpapi.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: version.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: wsock32.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: mswsock.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: firewallapi.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: dnsapi.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: fwbase.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: fltlib.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: ntmarta.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: wininet.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: sspicli.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: winsta.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: profapi.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: winhttp.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: dpapi.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: userenv.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSection loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /?
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpWindow found: window name: TMainForm
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw:z2fzaw5z
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\unins000.dat
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-JM0P7.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-QJ10O.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-AIIPN.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-LK6MP.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-JNP9A.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-GS9C6.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-0U1PU.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-46BQS.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-3HLCR.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-4828T.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-UNS0G.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-EP3EK.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-RQIEJ.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-4BMCK.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-EOEQ4.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-HB8HP.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-V4FD9.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-7NOH4.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-A4G7I.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-CD182.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-LS2RM.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-DMHK4.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-G54TJ.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-1OSP7.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-S5H0H.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-PREND.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-TL64V.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-FLHH1.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-761MJ.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-4JF0M.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-DJ7QD.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-PGQV8.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-FAMCK.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-46HPO.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-K8UEM.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-M3NNI.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-KS05A.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-PQ4GA.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-EN56H.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-2F7HQ.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-SELNG.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-M4GM5.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-7N3QM.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-1299M.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-919DS.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-H1A10.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-S0KNU.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-KOOUU.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-0MV76.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-NMSAK.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-F5AV1.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-F3DLB.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-HV2M7.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-SSPGO.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-AGO4M.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-H8NKL.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-MPT1M.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-UJ7L5.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-7TIHM.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-7EU8J.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-RAB4C.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-SRETI.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-HFR2O.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-DUU0T.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-L4JD0.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-517JO.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-8438K.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-NG6HC.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-19RUB.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-T585E.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-A3J84.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-KDOHO.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-610F5.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-2OJ4D.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-RDFPT.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-243TO.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-TS8A4.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-OP56C.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-P50AP.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-I85L4.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-PRSE3.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-7V354.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-9KKRG.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-175RL.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-FTTDO.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-TB7UC.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-2MC0P.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-RFLP3.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-JAPFR.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-Q6IJT.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-7GP3D.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-P3DP5.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-SF2F5.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-H2KBE.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-7PA03.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-V2BBJ.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-DI3QD.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-JAUEN.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-HBD7J.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-TUF46.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-9POKC.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-QNGBI.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-E4NUM.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-D8QQL.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-SB1JP.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-2G5JK.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-FMBU4.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-B7FAP.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-KNR3D.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-BH3SO.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-HQTIK.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-G4AKA.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-69J1V.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-F090J.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-61PSV.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-D55QV.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-VOV28.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-B3OT0.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-0VCHS.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-LSJ6G.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-P2IB0.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-BI5Q3.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-S3S2M.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-UCIJQ.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-C26N7.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-3NU1J.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-QLOJM.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-O735A.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-J9SHO.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-SGQL5.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-BTL0H.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-1IJSL.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-BETPD.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-KM4QE.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-KJRLU.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-R6OEI.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-CK4LU.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-2LNO6.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-ISCLI.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-PH93P.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-9V2J4.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-VF293.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-P7A57.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-T08P3.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-HAU0N.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-2HSS0.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-GA6EL.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-91AV8.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-44GIE.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-S9VJJ.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-GQHVJ.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-J5PQV.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-8V501.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-C7O6K.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-8P99Q.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-BRS51.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-TIL59.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-OLVVS.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-7V331.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-ACRA5.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-OI81U.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-LCHU2.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-MPU51.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-DG9B3.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-ICFPN.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-EG0JV.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-3BFDH.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-A46SK.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-L47KC.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-LEC8A.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-NOFUA.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-9Q97G.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-QIHTM.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-L8OLS.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-LPAT3.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-2A08E.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\is-81M5D.tmp
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDirectory created: C:\Program Files\Topaz OFD\Warsaw\unins000.msg
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDirectory created: C:\Program Files\Topaz OFD\Warsaw:oyhagmu138iahnc
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDirectory created: C:\Program Files\Topaz OFD\Warsaw\opt
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDirectory created: C:\Program Files\Topaz OFD\Warsaw\msvcp120.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDirectory created: C:\Program Files\Topaz OFD\Warsaw\msvcr120.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDirectory created: C:\Program Files\Topaz OFD\Warsaw\wsaxbco.dll
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDirectory created: C:\Program Files\Topaz OFD\Warsaw\local.data
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDirectory created: C:\Program Files\Topaz OFD\Warsaw:bmh6Lm9wemo
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDirectory created: C:\Program Files\Topaz OFD\Warsaw\ws.datr
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDirectory created: C:\Program Files\Mozilla Firefox\defaults\pref\autoconf_warsaw.js
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDirectory created: C:\Program Files\Topaz OFD\Warsaw\ws.dat
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1
Source: HABICO116N_2024-04-26_16_58_38.139.zipStatic file information: File size 3903480 > 1048576

Persistence and Installation Behavior

barindex
Creates files in the system32 config directory
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Topaz OFD
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Topaz OFD\Warsaw
Installs new ROOT certificates
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\869616C6F29BFF379B12001B54D9CC3898D08759 Blob
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\869616C6F29BFF379B12001B54D9CC3898D08759 Blob
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\869616C6F29BFF379B12001B54D9CC3898D08759 Blob
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\869616C6F29BFF379B12001B54D9CC3898D08759 Blob
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-69J1V.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-C7O6K.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-4JF0M.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-NG6HC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-UCIJQ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-PGMJ9.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-DMHK4.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-9T1MH.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-8P6T2.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-9V2J4.tmpJump to dropped file
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeFile created: C:\Program Files\Topaz OFD\Warsaw\msvcr120.dllJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-V78PE.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-V2BBJ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-NQ6ER.tmpJump to dropped file
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeFile created: C:\Program Files\Topaz OFD\Warsaw\msvcp120.dllJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-M3NNI.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-RFLP3.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-S0KNU.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-CD182.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-LK6MP.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-UJ7L5.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-FVT0H.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-9MEU6.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-OVEKC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-K5OLE.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\System32\drivers\is-QRBJL.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-U3JD8.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-EP3EK.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-81M5D.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-243TO.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-LH7AK.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-5Q6CC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-GQHVJ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-KNS80.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-PCK64.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-610F5.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-5L4LQ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-S1AQH.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-J35ES.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-G4AKA.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-HFR2O.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-44GIE.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-GBV4Q.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-TIL59.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-P3DP5.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-F54EF.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-SUDDL.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-GTJ3V.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-1299M.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-GS9C6.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-HN243.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-3HHPB.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-A3DG0.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-VSNQB.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-QLOJM.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-AIIPN.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-GQLAS.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-7V331.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-ACRA5.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-7JJPM.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-MED3Q.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-I05AI.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-3HLCR.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-OI81U.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-DDQS8.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-NHJKQ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-LEC8A.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-7GP3D.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-SNI07.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-S5H0H.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-OD80C.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-A6RUS.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-V4FD9.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-VF293.tmpJump to dropped file
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\msvcr120.dllJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-UB020.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-J6E0V.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-H2KBE.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-F3DLB.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-1D0ID.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-LS2RM.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-ARARM.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-SB1JP.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-S8JMT.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-HQTIK.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-PEVQJ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-VDCES.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-6GDPM.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-4N8P9.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-QPS0A.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-8D5J6.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-KNACJ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-2A08E.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-2G5JK.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-PRSE3.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-JAUEN.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-Q6BO0.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-3BFDH.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-HLK4M.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-BH3SO.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-L4JD0.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-JQ9T3.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-8HES7.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-ICFPN.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-F0IEN.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-KS05A.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-A46SK.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-M4GM5.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-919DS.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-P7A57.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-J3TRQ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-I859F.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-A3J84.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-E743S.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-DUU0T.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-HB8HP.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-245ML.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-8V501.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-UNS0G.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-517JO.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-BRS51.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-9KKRG.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-3NU1J.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-QNGBI.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-7PGAC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-OJ526.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-4UJCA.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-LRJJ4.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-7TIHM.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-PJLAC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-D8QQL.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-NMSAK.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-RNJ8M.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-PH93P.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-B7FAP.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-NJRSC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-T9BJK.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-257GR.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-FMBU4.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-JAPFR.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-9BRTU.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-Q6IJT.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-PTTR1.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-I85L4.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-DC0KH.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-2F7HQ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-GSI34.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-H8NKL.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-RQIEJ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-46HPO.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-47H94.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-VOV28.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-U4KRV.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-7BSLN.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-KDOHO.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-OLVVS.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-7NOH4.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-TS8A4.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-F237R.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-761MJ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-KNR3D.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-LPAT3.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-EOEQ4.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-PQ4GA.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-H1A10.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-79IGP.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-TUF46.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\System32\drivers\is-O3BFN.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-7IO91.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\get_version.exeJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-9POKC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-2MC0P.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-LSJ6G.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-RAB4C.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-ISCLI.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-DI3QD.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-0N7L2.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-T585E.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-S9VJJ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-A1JBC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-L47KC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-EC67U.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-RP4UP.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-5NMFO.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-DG9B3.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\System32\drivers\is-NNSG7.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-A4G7I.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-9AID7.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-SSPGO.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-1OSP7.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-SELNG.tmpJump to dropped file
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeFile created: C:\ProgramData\Temp\_cd\c054fe2fb26941c1a6cca23251b6efc3.wtcfJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-H8KK3.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-7PA03.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-FAMCK.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-261PJ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-NS7KP.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-AEBSU.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-0MV76.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-19RUB.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-4TV0M.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-PREND.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-O6F2S.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-SF2F5.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-C26N7.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-8438K.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-ST47B.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-F5AV1.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-R6OEI.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-MRJTF.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-O55NU.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-4BMCK.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-00JJP.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-FTTDO.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-EN56H.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-NOFUA.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-2HSS0.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-J422F.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-S3S2M.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-C4DKQ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-91AV8.tmpJump to dropped file
Source: C:\ProgramData\Temp\gbpcefwr64.exeFile created: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-DDUV9.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-SRETI.tmpJump to dropped file
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\msvcp120.dllJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-7EU8J.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-TL64V.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-2OJ4D.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-QTR63.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-B3OT0.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-7037H.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-2LNO6.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-VJTAG.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-L8OLS.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-HAU0N.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-KH558.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-EG0JV.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-46BQS.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-0U1PU.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-RDFPT.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-K8UEM.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-I9PHC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-GV6UC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-FLHH1.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-175RL.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\System32\drivers\is-RQ3BD.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-TB7UC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-T08P3.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-2R39D.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-31L3I.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-0PT5M.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-AGO4M.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-EBS3T.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-9VM8C.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-E4NUM.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-2KIRS.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-NONPG.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-Q260F.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-4828T.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-KOOUU.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-N40L8.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-RSD7C.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-MPT1M.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-9Q97G.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-E76FA.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-ICBSJ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-OP56C.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-D55QV.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-61PSV.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-3BN84.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-HV2M7.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-MPU51.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-5N7BM.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-7V354.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-J5PQV.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-1UP2T.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-CK4LU.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-69B7M.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-DJ7QD.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-G54TJ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-PGQV8.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-8GD0B.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-QJ10O.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-8P99Q.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-FIL7C.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-5V3FO.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-JNP9A.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-0VCHS.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-HBD7J.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-F090J.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-HENGA.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-P2IB0.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-7N3QM.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-BI5Q3.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files (x86)\Topaz OFD\Warsaw\is-5ERA9.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw\is-P50AP.tmpJump to dropped file
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeFile created: C:\ProgramData\Temp\_cd\c054fe2fb26941c1a6cca23251b6efc3.wtcfJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-OD80C.tmpJump to dropped file
Source: C:\ProgramData\Temp\gbpcefwr64.exeFile created: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-PGMJ9.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-A6RUS.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-8P6T2.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-UB020.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-V78PE.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-47H94.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-NQ6ER.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-7BSLN.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-QTR63.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-FVT0H.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-9MEU6.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-79IGP.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\System32\drivers\is-O3BFN.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-I9PHC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-7IO91.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-GV6UC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\System32\drivers\is-QRBJL.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-U3JD8.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\System32\drivers\is-RQ3BD.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-4N8P9.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\get_version.exeJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-LH7AK.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-QPS0A.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-5Q6CC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-8D5J6.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-31L3I.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-0PT5M.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-0N7L2.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-KNS80.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-Q6BO0.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-2KIRS.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-NONPG.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-A1JBC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-EC67U.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-RP4UP.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-5NMFO.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\System32\drivers\is-NNSG7.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-N40L8.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-PCK64.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-RSD7C.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-F0IEN.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-S1AQH.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-E76FA.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-J3TRQ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-I859F.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-H8KK3.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-ICBSJ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-261PJ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-NS7KP.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-245ML.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-1UP2T.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-69B7M.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-7PGAC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-4TV0M.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-OJ526.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-4UJCA.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-PJLAC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-3HHPB.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-8GD0B.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-RNJ8M.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-VSNQB.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-MED3Q.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-7JJPM.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-I05AI.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\is-9BRTU.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Windows\Temp\is-5L66I.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeFile created: C:\ProgramData\Temp\_cd\c054fe2fb26941c1a6cca23251b6efc3.wtcfJump to dropped file
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\warsaw_injector
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Windows\System32\sc.exe "sc.exe" start "Warsaw Technology"

Hooking and other Techniques for Hiding and Protection

barindex
Creates files in alternative data streams (ADS)
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpFile created: C:\Program Files\Topaz OFD\Warsaw:z2fzaw5z
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeProcess information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Temp\gbpcefwr64.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

barindex
Query firmware table information (likely to detect VMs)
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSystem information queried: FirmwareTableInformation
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSystem information queried: FirmwareTableInformation
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSystem information queried: FirmwareTableInformation
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSystem information queried: FirmwareTableInformation
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSystem information queried: FirmwareTableInformation
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSystem information queried: FirmwareTableInformation
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSystem information queried: FirmwareTableInformation
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSystem information queried: FirmwareTableInformation
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSystem information queried: FirmwareTableInformation
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSystem information queried: FirmwareTableInformation
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSystem information queried: FirmwareTableInformation
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSystem information queried: FirmwareTableInformation
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSystem information queried: FirmwareTableInformation
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSystem information queried: FirmwareTableInformation
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSystem information queried: FirmwareTableInformation
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Tries to detect virtualization through RDTSC time measurements
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeRDTSC instruction interceptor: First address: 7FFF268AFB2D second address: 7FFF268AFB32 instructions: 0x00000000 rdtsc 0x00000002 inc ecx 0x00000003 rol cl, 1 0x00000005 rdtsc
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeRDTSC instruction interceptor: First address: 7FFF268CF505 second address: 7FFF267C3251 instructions: 0x00000000 rdtsc 0x00000002 cmp esp, 27F7099Fh 0x00000008 popfd 0x00000009 setle dl 0x0000000c dec eax 0x0000000d cdq 0x0000000e jmp 00007F6E1CA0AFB7h 0x00000013 inc ecx 0x00000014 pop eax 0x00000015 inc bp 0x00000017 cmovs ebp, ebx 0x0000001a rdtsc
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeRDTSC instruction interceptor: First address: 7FFF268CF505 second address: 7FFF267C3251 instructions: 0x00000000 rdtsc 0x00000002 cmp esp, 27F7099Fh 0x00000008 popfd 0x00000009 setle dl 0x0000000c dec eax 0x0000000d cdq 0x0000000e jmp 00007F6E1C4EEDC7h 0x00000013 inc ecx 0x00000014 pop eax 0x00000015 inc bp 0x00000017 cmovs ebp, ebx 0x0000001a rdtsc
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeRDTSC instruction interceptor: First address: 7FFF268CF505 second address: 7FFF267C3251 instructions: 0x00000000 rdtsc 0x00000002 cmp esp, 27F7099Fh 0x00000008 popfd 0x00000009 setle dl 0x0000000c dec eax 0x0000000d cdq 0x0000000e jmp 00007F6E1CF86867h 0x00000013 inc ecx 0x00000014 pop eax 0x00000015 inc bp 0x00000017 cmovs ebp, ebx 0x0000001a rdtsc
Tries to evade analysis by execution special instruction (VM detection)
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSpecial instruction interceptor: First address: 7FFF268E5B3F instructions rdtsc caused by: RDTSC with Trap Flag (TF)
Source: C:\Windows\System32\svchost.exeFile opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-69J1V.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-C7O6K.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-NG6HC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-4JF0M.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-PGMJ9.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-DMHK4.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-9T1MH.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-8P6T2.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-9V2J4.tmpJump to dropped file
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\msvcr120.dllJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-V78PE.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-V2BBJ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-NQ6ER.tmpJump to dropped file
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\msvcp120.dllJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-M3NNI.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-RFLP3.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-S0KNU.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-CD182.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-LK6MP.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-UJ7L5.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-FVT0H.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-9MEU6.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-OVEKC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-K5OLE.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\System32\drivers\is-QRBJL.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-U3JD8.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-EP3EK.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-81M5D.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-243TO.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-LH7AK.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-5Q6CC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-GQHVJ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-KNS80.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-PCK64.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-5L4LQ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-610F5.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-S1AQH.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-J35ES.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-HFR2O.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-G4AKA.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-44GIE.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-GBV4Q.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-TIL59.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-P3DP5.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-F54EF.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-GTJ3V.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-SUDDL.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-1299M.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-GS9C6.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-HN243.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-A3DG0.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-3HHPB.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-VSNQB.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-QLOJM.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-AIIPN.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-GQLAS.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-7V331.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-ACRA5.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-I05AI.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-MED3Q.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-7JJPM.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-3HLCR.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-OI81U.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-DDQS8.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-NHJKQ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-LEC8A.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-7GP3D.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-SNI07.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-S5H0H.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-OD80C.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-V4FD9.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-A6RUS.tmpJump to dropped file
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\msvcr120.dllJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-VF293.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-UB020.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-J6E0V.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-H2KBE.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-F3DLB.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-1D0ID.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-LS2RM.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-ARARM.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-SB1JP.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-S8JMT.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-PEVQJ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-HQTIK.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-VDCES.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-6GDPM.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-4N8P9.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-QPS0A.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-8D5J6.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-KNACJ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-2A08E.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-2G5JK.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-PRSE3.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-JAUEN.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-Q6BO0.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-3BFDH.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-HLK4M.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-L4JD0.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-BH3SO.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-JQ9T3.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-8HES7.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-ICFPN.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-F0IEN.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-KS05A.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-A46SK.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-919DS.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-M4GM5.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-P7A57.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-J3TRQ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-I859F.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-E743S.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-A3J84.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-DUU0T.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-HB8HP.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-245ML.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-8V501.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-517JO.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-UNS0G.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-BRS51.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-9KKRG.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-7PGAC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-QNGBI.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-3NU1J.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-OJ526.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-LRJJ4.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-7TIHM.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-4UJCA.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-D8QQL.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-NMSAK.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-PJLAC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-RNJ8M.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-PH93P.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-B7FAP.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-NJRSC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-T9BJK.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-257GR.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-FMBU4.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-JAPFR.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-Q6IJT.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-9BRTU.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-PTTR1.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-I85L4.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-DC0KH.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-2F7HQ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-GSI34.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-H8NKL.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-RQIEJ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-46HPO.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-47H94.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-VOV28.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-U4KRV.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-7BSLN.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-KDOHO.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-OLVVS.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-7NOH4.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-TS8A4.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-F237R.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-761MJ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-KNR3D.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-EOEQ4.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-H1A10.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-PQ4GA.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-TUF46.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-79IGP.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\System32\drivers\is-O3BFN.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-7IO91.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-9POKC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-RAB4C.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-LSJ6G.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-2MC0P.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-ISCLI.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-0N7L2.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-DI3QD.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-T585E.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-S9VJJ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-A1JBC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-L47KC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-RP4UP.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-EC67U.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-5NMFO.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\System32\drivers\is-NNSG7.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-DG9B3.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-A4G7I.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-9AID7.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-SSPGO.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-SELNG.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-1OSP7.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-H8KK3.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-7PA03.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-FAMCK.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-261PJ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-AEBSU.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-NS7KP.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-0MV76.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-19RUB.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-PREND.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-4TV0M.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-O6F2S.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-8438K.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-C26N7.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-SF2F5.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-ST47B.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-F5AV1.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-R6OEI.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-MRJTF.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-O55NU.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-4BMCK.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-00JJP.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-FTTDO.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-EN56H.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-NOFUA.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-2HSS0.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-J422F.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-S3S2M.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-C4DKQ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-91AV8.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-DDUV9.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-SRETI.tmpJump to dropped file
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\msvcp120.dllJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-7EU8J.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-TL64V.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-2OJ4D.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-QTR63.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-B3OT0.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-7037H.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-2LNO6.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-VJTAG.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-L8OLS.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-HAU0N.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-KH558.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-EG0JV.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-46BQS.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-0U1PU.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-K8UEM.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-RDFPT.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-FLHH1.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-I9PHC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-GV6UC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-175RL.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\System32\drivers\is-RQ3BD.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-TB7UC.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-T08P3.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-2R39D.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-0PT5M.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-AGO4M.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-EBS3T.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-9VM8C.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-E4NUM.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-2KIRS.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-NONPG.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-KOOUU.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-4828T.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-Q260F.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-N40L8.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-RSD7C.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-MPT1M.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-9Q97G.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-E76FA.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-ICBSJ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-OP56C.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-D55QV.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-61PSV.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-3BN84.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-HV2M7.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-MPU51.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-5N7BM.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-7V354.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-J5PQV.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-1UP2T.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-CK4LU.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-69B7M.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-DJ7QD.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-G54TJ.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-PGQV8.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Windows\Temp\is-5L66I.tmp\is-8GD0B.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-QJ10O.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-8P99Q.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-5V3FO.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-FIL7C.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-JNP9A.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-0VCHS.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-HBD7J.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-F090J.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-HENGA.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-P2IB0.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-7N3QM.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files (x86)\Topaz OFD\Warsaw\is-5ERA9.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-BI5Q3.tmpJump to dropped file
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpDropped PE file which has not been started: C:\Program Files\Topaz OFD\Warsaw\is-P50AP.tmpJump to dropped file
Source: C:\Windows\System32\svchost.exe TID: 6208Thread sleep time: -30000s >= -30000s
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp TID: 2900Thread sleep time: -30000s >= -30000s
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp TID: 2900Thread sleep time: -36000s >= -30000s
Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\Windows\System32 FullSizeInformation
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeFile opened: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeFile opened: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeFile opened: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeFile opened: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeFile opened: C:\Users\user\
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeFile opened: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeSystem information queried: ModuleInformation
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeProcess information queried: ProcessInformation
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeProcess queried: DebugPort
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeProcess queried: DebugObjectHandle
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeProcess queried: DebugPort
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeProcess queried: DebugObjectHandle
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeProcess token adjusted: Debug
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeProcess token adjusted: Debug
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeProcess token adjusted: Debug
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeProcess token adjusted: Debug
Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug

HIPS / PFW / Operating System Protection Evasion

barindex
Found direct / indirect Syscall (likely to bypass EDR)
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeNtQuerySystemInformation: Indirect: 0x7FFF268E5B8F
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeNtLoadDriver: Indirect: 0x7FFF28509446
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeNtQueryInformationProcess: Indirect: 0x7FFF268E5B63
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeNtQuerySystemInformation: Indirect: 0x7FFF268E5B84
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeNtQuerySystemInformation: Indirect: 0x7FFF268E5BA5
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeProcess created: C:\ProgramData\Temp\gbpcefwr64.exe C:\ProgramData\Temp\gbpcefwr64.exe /verysilent /sp- /norestart /suppressmsgboxes /restartexitcode=3010 /nocancel /accepteula /log="C:\ProgramData\Temp\wslog.dat"
Source: C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmpProcess created: C:\Windows\Temp\is-5L66I.tmp\_isetup\_setup64.tmp helper 105 0x604
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe WMIC PROCESS WHERE "ExecutablePath like 'C:\\Program Files\\Topaz OFD\\%'" DELETE
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe WMIC PROCESS WHERE "ExecutablePath like 'C:\\Program Files\\Topaz OFD\\Warsaw\\%'" DELETE
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe WMIC PROCESS WHERE "ExecutablePath like 'C:\\Program Files (x86)\\Topaz OFD\\Warsaw\\%'" DELETE
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c tasklist /?
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "imagename eq core.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /C "core.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /?
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c tasklist /?
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "imagename eq core.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /C "core.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /?
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C: VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C: VolumeInformation
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeQueries volume information: C:\Program Files\Topaz OFD\Warsaw VolumeInformation
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeQueries volume information: C:\Program Files\Topaz OFD\Warsaw VolumeInformation
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeQueries volume information: C:\Program Files\Topaz OFD\Warsaw VolumeInformation
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeQueries volume information: C:\Program Files\Topaz OFD\Warsaw VolumeInformation
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeQueries volume information: C:\Program Files\Topaz OFD\Warsaw\wslbmid.dll VolumeInformation
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeQueries volume information: C:\Program Files\Topaz OFD\Warsaw\wslbmid.dll VolumeInformation
Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeQueries volume information: C:\Program Files\Topaz OFD\Warsaw VolumeInformation
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeQueries volume information: C:\Program Files\Topaz OFD\Warsaw VolumeInformation
Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

barindex
Changes security center settings (notifications, updates, antivirus, firewall)
Source: C:\Windows\System32\svchost.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval
Overwrites Mozilla Firefox settings
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\key4.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\key4.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\key4.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\key4.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\key4.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\key4.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\key4.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\key4.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\key4.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\key4.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\key4.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\key4.db
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Program Files\Windows Defender\MpCmdRun.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Program Files\Windows Defender\MpCmdRun.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

barindex
Queries disk data (e.g. SMART data)
Source: C:\Program Files\Topaz OFD\Warsaw\core.exeDevice IO: \Device\Harddisk0\DR0
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\key4.db
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\pkcs11.txt
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile opened: C:\Users\user\AppData\Local\Packages\Mozilla.Firefox_n80bbvh6b1yt2\LocalCache\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\key4.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\m8f4v4pw.default\cert8.db
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\m8f4v4pw.default\cert9.db
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information1
Scripting		Valid Accounts11
Windows Management Instrumentation		1
Scripting		1
Abuse Elevation Control Mechanism		1
Disable or Modify Tools		1
OS Credential Dumping		2
File and Directory Discovery		Remote Services1
Browser Session Hijacking		2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts1
Service Execution		2
LSASS Driver		2
LSASS Driver		1
Abuse Elevation Control Mechanism		LSASS Memory335
System Information Discovery		Remote Desktop Protocol1
Data from Local System		1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
DLL Side-Loading		1
DLL Side-Loading		1
Install Root Certificate		Security Account Manager44
Security Software Discovery		SMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCron12
Windows Service		12
Windows Service		1
DLL Side-Loading		NTDS14
Virtualization/Sandbox Evasion		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script11
Process Injection		1
File Deletion		LSA Secrets2
Process Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts143
Masquerading		Cached Domain Credentials2
System Owner/User Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items14
Virtualization/Sandbox Evasion		DCSync1
Remote System Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job11
Process Injection		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
NTFS File Attributes		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
Rundll32		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

SourceDetectionScannerLabelLink
C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-Core-Heap-Obsolete-L1-1-0.dll (copy)0%ReversingLabs
C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-Core-Heap-Obsolete-L1-1-0.dll (copy)0%VirustotalBrowse
C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-Core-Kernel32-Private-L1-1-0.dll (copy)0%ReversingLabs
C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-Core-Kernel32-Private-L1-1-0.dll (copy)0%VirustotalBrowse
C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-Core-Kernel32-Private-L1-1-1.dll (copy)0%ReversingLabs
C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-Core-Kernel32-Private-L1-1-1.dll (copy)0%VirustotalBrowse
C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-Eventing-ClassicProvider-L1-1-0.dll (copy)0%ReversingLabs
C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-Eventing-ClassicProvider-L1-1-0.dll (copy)0%VirustotalBrowse
C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-Security-Lsalookup-L2-1-1.dll (copy)0%ReversingLabs
C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-Security-Lsalookup-L2-1-1.dll (copy)0%VirustotalBrowse
C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-core-file-l2-1-0.dll (copy)0%ReversingLabs
C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-core-file-l2-1-0.dll (copy)0%VirustotalBrowse
C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-core-file-l2-1-1.dll (copy)0%ReversingLabs
C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-core-file-l2-1-1.dll (copy)0%VirustotalBrowse
C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-core-louserzation-obsolete-l1-2-0.dll (copy)0%ReversingLabs
C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-core-louserzation-obsolete-l1-2-0.dll (copy)0%VirustotalBrowse
C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-core-string-l2-1-0.dll (copy)0%ReversingLabs
C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-core-string-l2-1-0.dll (copy)0%VirustotalBrowse
C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-security-provider-L1-1-0.dll (copy)0%ReversingLabs
C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-security-provider-L1-1-0.dll (copy)0%VirustotalBrowse
C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-base-util-l1-1-0.dll (copy)0%ReversingLabs
C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-base-util-l1-1-0.dll (copy)0%VirustotalBrowse
C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-com-l1-1-0.dll (copy)0%ReversingLabs
C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-com-l1-1-0.dll (copy)0%VirustotalBrowse
C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-comm-l1-1-0.dll (copy)0%ReversingLabs
C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-comm-l1-1-0.dll (copy)0%VirustotalBrowse
C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-console-l1-1-0.dll (copy)0%ReversingLabs
C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-console-l1-1-0.dll (copy)0%VirustotalBrowse
C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-datetime-l1-1-0.dll (copy)0%ReversingLabs
C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-datetime-l1-1-0.dll (copy)0%VirustotalBrowse
C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-debug-l1-1-1.dll (copy)0%ReversingLabs
C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-debug-l1-1-1.dll (copy)0%VirustotalBrowse
C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-fibers-l1-1-0.dll (copy)0%ReversingLabs
C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-fibers-l1-1-0.dll (copy)0%VirustotalBrowse
C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-file-l1-1-0.dll (copy)0%ReversingLabs
C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-file-l1-1-0.dll (copy)0%VirustotalBrowse

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
dn.gastecnologia.com.br0%VirustotalBrowse
cloud.gastecnologia.com.br0%VirustotalBrowse
cef.dnofd.com0%VirustotalBrowse

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
cef.dnofd.com
18.239.225.30
truefalseunknown
dn.gastecnologia.com.br
13.32.87.91
truefalseunknown
d89qlgit85ox9.cloudfront.net
18.64.174.114
truefalse
    		high
    cloud.gastecnologia.com.br
    		unknown
    		unknownfalseunknown

    World Map of Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public IPs

    IPDomainCountryFlagASNASN NameMalicious
    13.32.87.91
    		dn.gastecnologia.com.brUnited States
    		16509AMAZON-02USfalse
    18.64.174.114
    		d89qlgit85ox9.cloudfront.netUnited States
    		3MIT-GATEWAYSUSfalse
    23.204.76.112
    		unknownUnited States
    		20940AKAMAI-ASN1EUfalse

    Private

    IP
    127.0.0.1

    General Information

    Joe Sandbox version:40.0.0 Tourmaline
    Analysis ID:1432290
    Start date and time:2024-04-26 19:34:05 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowsinteractivecookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:58
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:1
    Technologies:
    • EGA enabled
    Analysis Mode:stream
    Sample name:HABICO116N_2024-04-26_16_58_38.139.zip
    Detection:MAL
    Classification:mal88.phis.spyw.evad.winZIP@80/336@3/19
    Cookbook Comments:
    • Found application associated with file extension: .zip

    Warnings

    • Exclude process from analysis (whitelisted): dllhost.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com
    • Not all processes where analyzed, report is missing behavior information
    • Report size getting too big, too many NtOpenKeyEx calls found.
    • Report size getting too big, too many NtProtectVirtualMemory calls found.
    • Report size getting too big, too many NtQueryValueKey calls found.
    • Report size getting too big, too many NtSetInformationFile calls found.

    Created / dropped Files

    C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-Core-Heap-Obsolete-L1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:0A2F5A92F48D5AF46952C53E84EA2813
    SHA1:806D17DE64E801A826E43B6A0BC2FA4493CF87FA
    SHA-256:0A2E0B47370EC858936024B8B0A7699165E643E918E7F872D4BA56891C7C57D5
    SHA-512:205DFA5D733AE0ABB0A7C34BB26A0F999FC74227CABBA8658D801724CB0E9B98C2AF289A4FB2FFF1CD8EF9F98D9EAC6522C8106F68392CBBA8099837FB9B536C
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.................!......................... ...............................0......;.....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@...............A...T...T..................d..........................$...........RSDS..g...L.)..*...<....api-ms-win-core-heap-obsolete-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .....g...L.)..*...<.1..s..H.................................H...............4...T...u.......................;...Y...v...................(...I...h.......................0...O...l.............................................api-ms-win

    C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-Core-Kernel32-Private-L1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:B076CE111D5DCD734764E8F7DCBFB6DC
    SHA1:09A13ACF64769097957B0B472FC216F4E28D23EF
    SHA-256:21630A577940D4F765BD337A0AA3D579885D703A5CC57A56DC92FAF549873A6A
    SHA-512:89DB9AF6A517DF7592948A3C73C5484C789613617DF09ACDCDE31D81683E1DB2ABECACAC90C50F0B7DEA7058DB9B8D2DFBCCABCD0986E2335A66D4B3EFD9DCFA
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....B.............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text.../........................... ..`.rsrc........ ......................@..@.....B..........D...T...T........B..........d................B..........$...........RSDSI...V.O...E.W9Z>....API-MS-Win-Core-Kernel32-Private-L1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...I...V.O...E.W9Z>t..Nc.Q.!~...B.......B......................H...........1...\...................l...........2...v...............................M...t...............T...............X...................................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-Core-Kernel32-Private-L1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:36087F1563333F8375D816286CE2BD83
    SHA1:26D252A88705E7905F0497CC5A797E44E31116C5
    SHA-256:DD3A40BB87947CB8E60DA3DA60B35A64895A7FCC026468F8ACFDCC4124C80C9E
    SHA-512:C7E778944C3F06207FFCF798F91667244832345109E968694D0C3CC76614F83CBD2DE25257369C885C0C06FE3C1C41DCC92A5B02F71E246B9CE00AFE5ABA36C5
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...t;@?...........!......................... ...............................0......\z....@......................... ................ ..................("..............T............................................................................text............................... ..`.rsrc........ ......................@..@....t;@?........D...T...T.......t;@?........d...............t;@?........$...........RSDS..b..a...........API-MS-Win-Core-Kernel32-Private-L1-1-1.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .....b..a.......P$7..4..v...t;@?....t;@?....R...............H...L...P.......~.....api-ms-win-core-kernel32-private-l1-1-1.dll.PrivCopyFileExW.kernel32.PrivCopyFileExW..................................................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-Eventing-ClassicProvider-L1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:5AF90447CB314B04350F18C10A4A36BE
    SHA1:3998DC0294E962E070E1B32DE0DDAAF7B0A722B7
    SHA-256:B3B63C5BA142093E8F1AFADCDD2972B57633011B795DF6A8B75EF3B28C6EC8D6
    SHA-512:F38CDF192F58EC5B3662EACBC0FD643E6A67ACCA5DF3BB6E2F1A505270755EB158D3772FA5A84354D03F2AED1F91ED8B79AEE958582B653A78368F7C93AEBD0D
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....."...........!......................... ...............................0......g ....@.........................0................ ..................."..............T............................................................................text...9........................... ..`.rsrc........ ......................@..@......"........G...T...T........."........d................."........$...........RSDS0,;..2s.l......Z....API-MS-Win-Eventing-ClassicProvider-L1-1-0.pdb..........T....rdata..T........rdata$zzzdbg...0........edata... ..`....rsrc$01....` .......rsrc$02.... ...0,;..2s.l......Z..$..p^..i<..".................."....................X...x...............N...............................9...l...................................api-ms-win-eventing-classicprovider-l1-1-0.dll.GetTraceEnableFla

    C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-Security-Lsalookup-L2-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:2626E9D27E4B31E24631718849753590
    SHA1:6FEDFC59587C2E6C328C8369065294AABD626789
    SHA-256:15B53770A0A865FA0EE9C5018D694C69458C8B31AC486AD7C98B50632EE044D1
    SHA-512:688ECFBD542E56C1E755C96985B3C80B10D17145D7C4DEA5407555E4B7E2742F7848FB6189FD1A25C8C23EB73970F79C9ECAC62FFEB5A9234ACA5897636D8C3A
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....+Y............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....+Y.........A...T...T........+Y.........d................+Y.........$...........RSDS....,.lu`F.Unct.....api-ms-win-security-lsalookup-l2-1-1.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .......,.lu`F.Unct.Xu.....j.`.+Y......+Y.....R...............H...L...P.......{.....api-ms-win-security-lsalookup-l2-1-1.dll.LsaManageSidNameMapping.advapi32.LsaManageSidNameMapping.....................................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-core-file-l2-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:488776E0B078337A0010D610DB402CEE
    SHA1:DCC7A02EE59EC53D9AC5AD6D43610A295EA8A665
    SHA-256:AA6760D12BC13919DF30F3D1E042D5D4F07F731AF6C6EFB5DDFD14958FC34A45
    SHA-512:B24B3BD32DC54E8654D2D50682EB07387BF6C5B0C8F2AE8DDF5E3BF26C7D6535951D8E443A38CAABE1CD1C44D68A4CB20442A21636DA53A1F498D9159CFAA021
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!......................... ...............................0......t_....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@................8...T...T...................d...........................$...........RSDS.0.O..}_.1..j~n....api-ms-win-core-file-l2-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ....0.O..}_.1..j~n...D....................................................H...t...............'...S...................A...k...................C...l...............6...U.............................api-ms-win-core-file-l2-1-0.dll.CopyFile2.kernel32

    C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-core-file-l2-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:2D7173933869C5097769F139BA0A554A
    SHA1:4654094E907AE9280F7A46ADF8C3D1BF25C0A3D4
    SHA-256:B0E2261FC4DECAD29F396A93527D00A2EDE46E2647566B67237EE1164B7C3881
    SHA-512:C5484E3A32DB7849277E509B6966C77FE2448B95877162E4A79706BDB8104D77F411E61AF400F800F61A7C693E98F144C5C89EFBB53516E4331B0D54D41B2DE5
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....o.............!......................... ...............................0............@......................... ...u............ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....o..........8...T...T........o..........d................o..........$...........RSDS2f."...cg.s...g....api-ms-win-core-file-l2-1-1.pdb.........T....rdata..T........rdata$zzzdbg... ...u....edata... ..`....rsrc$01....` .......rsrc$02.... ...2f."...cg.s...g...8....,.o.o...................o......R...............H...L...P.......r.....api-ms-win-core-file-l2-1-1.dll.OpenFileById.kernel32.OpenFileById....................................................................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-core-louserzation-obsolete-l1-2-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:FE49707BC56E1E8D183E2CC12192143E
    SHA1:35AC5BFDA1BB9B33DACA10C5CB3CC8F7D5B6E535
    SHA-256:27B6940A51705998D6C34453B2FF11456FE983A81520E1A6A2848C4A52782065
    SHA-512:928D6BC001A765F7D54ABF9A220AED737104E3238459EE53A89DE78CAFA5244B1AF8F8043A5FD957EF393E12D0DBC883103442F364696C656105C7229BAD212E
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!......................... ...............................0.......,....@.........................0................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@................I...T...T...................d...........................$...........RSDS......<52.../}I.....api-ms-win-core-louserzation-obsolete-l1-2-0.pdb............T....rdata..T........rdata$zzzdbg...0........edata... ..`....rsrc$01....` .......rsrc$02.... .........<52.../}I..~d..p.3.f1.........................................X...................k...............&...e...................Q...................J...............................api-ms-win-core-louserzation-obsolete-l1-2-0

    C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-core-string-l2-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:444BFD95094ADF70CCC225EE5EF5F70F
    SHA1:85C7220797AC14B641AA819DC546CE174949D5D3
    SHA-256:0E60481CC4AC0EA1C5358C22C68F9E23DE009EDBE5EA8429236915A62D119ACB
    SHA-512:6B435C2D9E3486296CE748AA7C54F03121565D083647CC643678AFAEAE5C2840CEAA95D5B007B9EF7E73DC680AD379920E5900264A002BEC8F78989C2C3619D6
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...1..............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....1...........:...T...T.......1...........d...............1...........$...........RSDSL.p$...+.;;...q....API-MS-Win-Core-String-L2-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...L.p$...+.;;...q....&!..c<.t1...............1.......................H...p...................5...U...v...............................+...F...k.......................................api-ms-win-core-string-l2-1-0.dll.CharLowerBuffW.user32.Char

    C:\Program Files (x86)\Topaz OFD\Warsaw\API-MS-Win-security-provider-L1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:23350C4A2B9189E78F8E2FB77A26EF21
    SHA1:B0908136A598F12226BE872243FFE92275E5CC03
    SHA-256:3BE94D686458B00D0F9B51976EE90297171AEA64B8A517E3A9D2AD9353E8F4CE
    SHA-512:F4FC4F1C2205ACFD75CBFB7F134EBE6B05720EF20A9FC2C6135B8EE300EF4483EFE3F466898CC85AD916545287AD3C446E2DF6B6C3FFF5781A0C59C200EE2639
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...jc.#...........!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....jc.#........@...T...T.......jc.#........d...............jc.#........$...........RSDS....N..;.....)f.....api-ms-win-security-provider-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .......N..;.....)f....Ng..w...gjc.#........jc.#....................H...`...x...........0...Z................... ...I...t...................api-ms-win-security-provider-l1-1-0.dll.GetExplicitEntriesFromAclW.advapi32.GetExplicitEntriesFromAc

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-base-util-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:0851AD51663C9CE9E878CCFB321E4DB7
    SHA1:8E55BEF22145614E90C8F173125F94886D0D6AF7
    SHA-256:38AD9FFF769EA035B34EE293F3D7EBBA0979D9664D7D67C156F23767A9DCA2AF
    SHA-512:995D84CF16C261E9BC80D99836EF5E8B64F20424F8CB8CA3FC2DDB75F49F10D37365E4BCEB6E8510D641634F73F3B819FE8B040D7A4953686B4B87DBAF375539
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....3.j...........!......................... ...............................0.......%....@......................... ...w............ ..................("..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....3.j........8...T...T........3.j........d................3.j........$...........RSDS....K.... UP!.!....API-MS-Win-Base-Util-L1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ...w....edata... ..`....rsrc$01....` .......rsrc$02.... .......K.... UP!.!.wGk@.....7*.3.j.................3.j....R...............H...L...P.......r.....api-ms-win-base-util-l1-1-0.dll.IsTextUnicode.advapi32.IsTextUnicode..................................................................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-com-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:5952EFB6ED10024E72063091DDA6416D
    SHA1:F0797762B68B1CA6D7417309E90ECA340754BCD9
    SHA-256:B599543863DD9B05B55E501E8E7535CCB8D83420E1DD306A12D32FE9E7A79675
    SHA-512:DBA74C5FC4E9D5A9F9D873BD3B117CB94430606218084F774C0A3595F7F3272DEB8D463F28F04A1ADD5DA98A2CE2ACB1A051874BA3BD0EFB3E1E21841C20BFF8
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...w..............!.........................0...............................@.......+....@......................... ................0..................."..............T............................................................................text............................... ..`.rsrc........0......................@..@....w...........7...T...T.......w...........d...............w...........$...........RSDS...<KbXj.....?.....api-ms-win-core-com-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg... ........edata...0..`....rsrc$01....`0.......rsrc$02.... ......<KbXj.....?.h...bg;....w...................w.......h.......P...P...H...........................H...g...................G...s...............0...b...............&...L...s.............../...]...................@...h...................B...l...

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-comm-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:1EC8473900C4CB2F0A4DF10C822E0CD7
    SHA1:287B23F5FBF7134164324633CF633109FC989EF3
    SHA-256:86AF2E1DA81ED477B843A1FDA0C7BD0018BB520DF5363F72E9EE67B73F33DBF2
    SHA-512:1C8134D3CE65703727E09FF68AAF44C3FF5EE25F1B67520970F67C6EA1E3B0A82C534947A91774C7F1865003BF98660780FA12CD008D542AC54053D5F29D442B
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L......o...........!......................... ...............................0............@......................... ................ ..................("..............T............................................................................text............................... ..`.rsrc........ ......................@..@.......o........8...T...T..........o........d..................o........$...........RSDS.H..E".*...L.q.....api-ms-win-core-comm-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ....H..E".*...L.q..)....1.}......o...................o....................H...........+...R...}............... ...H...n.......................@...c...............C...j...................;...^.......................0...Y...v.......................

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-console-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:7A0B6A45D9EFDF3ADD47DC27C3589600
    SHA1:2BC2CE501B587BB708D539FCF79F6973305F2B32
    SHA-256:0B3340195714B12761F0DEC7204038DF0A1CAAB3B7D4ED29BEBC6B851DFF099C
    SHA-512:73585050F75DCD27B56E5F706997C749BFCF7370D067CBFD9DE3D314B839570BFAEB09009758843E898CB84687101E89295EC3758DD95F6299AC08D2C0FC65E0
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...ofq............!......................... ...............................0............@......................... ...+............ ..................."..............T............................................................................text...K........................... ..`.rsrc........ ......................@..@....ofq.........;...T...T.......ofq.........d...............ofq.........$...........RSDS)..!....`]'.X.6....api-ms-win-core-console-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg... ...+....edata... ..`....rsrc$01....` .......rsrc$02.... ...)..!....`]'.X.6...j.\b.@P..ofq.............ofq.....................H...............'...L...w...............:...g...................4...........=...d...............(...U...................&...............................api-ms-win-core-cons

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-datetime-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:549E6D151EFF109A9575BEE0CBD3A6C9
    SHA1:37B793F1CFE889FD44555A873F01736A6027A682
    SHA-256:E8A95E217CC9C7FF52F9541C43DD8F56D2F7FA09FCD3BD7CA0ACBA0612836076
    SHA-512:BEEE8F9A1FC57CD2746F1999C635BE5FD3EB18EF79832FB200F63D5CCE78EA7DCD551CDB94BD9493650BC3450EA337074526954FE9F606CCD16717E9478A2815
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...}.............!......................... ...............................0......rU....@......................... ................ .................. "..............T............................................................................text...0........................... ..`.rsrc........ ......................@..@....}..........<...T...T.......}..........d...............}..........$...........RSDS...W`.3!..%..0....api-ms-win-core-datetime-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ......W`.3!..%..0..<.m../@...}..............}......p...............H...X...h...........................................api-ms-win-core-datetime-l1-1-0.dll.GetDateFormatA.kernel32.GetDateFormatA.GetDateFormatW.kernel32.GetDateFormatW.GetTim

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-debug-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:8EA7DB6DD9089F0AC1D9B4FF0B79AB8A
    SHA1:2A10782E6CCD88A7AEC6909C4B5A753B5F7055BF
    SHA-256:657006E6043C929B6606D843AD86F942ED354EE5948B647348F36A98035CD6CC
    SHA-512:B4A910A72CE83F7E21878D1D7818B6E367D4776967B9896C776C340A665BB6902D527A2A68EA5E42DD9C2DDE879A624EEC7B9093C00E4A688882C94147FB51BF
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...]j.............!......................... ...............................0......%.....@......................... ...|............ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....]j..........9...T...T.......]j..........d...............]j..........$...........RSDS...!.u.3....7.)K....api-ms-win-core-debug-l1-1-1.pdb............T....rdata..T........rdata$zzzdbg... ...|....edata... ..`....rsrc$01....` .......rsrc$02.... ......!.u.3....7.)K....yZ.:.`#.]j..............]j......z...............H...\...p...............O...................8...o.............api-ms-win-core-debug-l1-1-1.dll.CheckRemoteDebuggerPresent.kernel32.CheckRemoteDebuggerPresent.ContinueDebugE

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-fibers-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:0E2BF1A4C8B1968FF8A4A1067300DB21
    SHA1:53CB33AB45D79BEE44661114A6E90F71440400BF
    SHA-256:F3366CC19D3BF6D5ECF93E753ED1432A02C74C6FB304F57762099086ED3D90F8
    SHA-512:290437CF09D3374AE8D714194C7C9BC9469291E3A6CB2957BB73B3F14CE55D7617EF00B46DC16E8260CCAE7942D04362FE3AA5C5B62B97AAA986986D7580DB2C
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...ZC.G...........!......................... ...............................0......A.....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....ZC.G........:...T...T.......ZC.G........d...............ZC.G........$...........RSDS.,.+O.{1.)...G......api-ms-win-core-fibers-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ....,.+O.{1.)...G..0....-.m...sZC.G............ZC.G....p...............H...X...h...........................................api-ms-win-core-fibers-l1-1-0.dll.FlsAlloc.kernel32.FlsAlloc.FlsFree.kernel32.FlsFree.FlsGetValue.kernel32.FlsGetValue.F

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-file-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:97F5482C9C49139AA786C006309DA3CB
    SHA1:D4BA27D43CBBBA0B79065CEDD3862D05877F9F47
    SHA-256:CE3E4F16B07D6C6753DECD6C5F30AE75755D6BAF33F2A9551E98458EA427DB25
    SHA-512:FC1B3FA085138D90ECD99B29071E353ADB2647BC2ABE2AF22A0AF1F2C9C496D02B9624D256A0D710CFB6267FC16D96A703BCEDC34E4E3FAB5F0E0CA272353766
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!.........................0...............................@......we....@......................... ................0..................8!..............T............................................................................text...'........................... ..`.rsrc........0......................@..@................8...T...T...................d...........................$...........RSDS).,...L.Yv..`.....api-ms-win-core-file-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata...0..`....rsrc$01....`0.......rsrc$02.... ...).,...L.Yv..`...."..fw.E..............................6.......K...K...H...t.......f...................(...N...o.............../...q...............=...f...................B...k...............!...P...y...............,...]...................+...

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-file-l1-2-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:E925820E2EE921CEE60823F374CADCB2
    SHA1:B5D925E0270B362EC3CE223AFE47957A8B9E7D28
    SHA-256:2136AE5A056CD418A427DC28B55D77CC59D64ACBBC495BDF116835650EF9051B
    SHA-512:6DCAFAADCBE8BC46467A2A7550B890ED5B490B151E105D046348F35FCEDA740378F0D3D652509ED0EADC26EDE7D255F5885552B9B709E6AA90C083F2F21D5711
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....ARo...........!......................... ...............................0......Xc....@......................... ...L............ ..................("..............T............................................................................text...l........................... ..`.rsrc........ ......................@..@.....ARo........8...T...T........ARo........d................ARo........$...........RSDS...+A<...s.O.....api-ms-win-core-file-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg... ...L....edata... ..`....rsrc$01....` .......rsrc$02.... ......+A<...s.O.&...x)=.ro2.ARo.................ARo....p...............H...X...h...............B...............!...........api-ms-win-core-file-l1-2-0.dll.CreateFile2.kernel32.CreateFile2.GetTempPathW.kernel32.GetTempPathW.GetVolumeNameForVolu

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-file-l1-2-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:4711C70708B086AD8604F89FAB224A41
    SHA1:05ABCC2353FB069770938A93B3E0AB0A4CB9E723
    SHA-256:CD0005D837BA116E0473F699588AB3B5542CB7A697769FFEAAC5750EC9E54A95
    SHA-512:2C9C8694C986167FDE8ECD5610BEEB81DF1B16898DA4B6598B2C57CA5F783F0368583478E94D40DB80CDCB5F2B9F6577BCFAF5D5C4725EBDCFEA1D86BB3CD7C1
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....;............!......................... ...............................0......L.....@......................... ................ ..................."..............T............................................................................text.../........................... ..`.rsrc........ ......................@..@......;.........8...T...T.........;.........d.................;.........$...........RSDSf.~..4H...F.X.......api-ms-win-core-file-l1-2-1.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...f.~..4H...F.X..._.......\.....;...................;.....f...............H...T...`.................................api-ms-win-core-file-l1-2-1.dll.GetCompressedFileSizeA.kernel32.GetCompressedFileSizeA.GetCompressedFileSizeW.kernel32.GetCompress

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-interlocked-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D5D66D3EC243B8D528DEC68D3E898DA8
    SHA1:8862B71AFF701B9B9FEF790E0050751FAFD86D2D
    SHA-256:390ECCE204994C264616590DAA63211E820C10186D357CBAC7E17D4BDC971861
    SHA-512:DF78B03AA4681BF847CA6D50676934FEC205A3DB0C99218E17EC37EB675AB0D984386950803E6359782C7084FDD33BE8589A78B4EC990AE5DBE5FE2DE14D9B4A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....#...........!......................... ...............................0......_.....@......................... ................ ..................."..............T............................................................................text...4........................... ..`.rsrc........ ......................@..@......#........?...T...T.........#........d.................#........$...........RSDS. ^.J..I..P.s{o....api-ms-win-core-interlocked-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .... ^.J..I..P.s{o].5...asF...#..........#....................H...t...........+...l...............A...u...................Q...................+...`.....................................api-ms-win-core-interlocked-l1-1-0.dll.InitializeS

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-kernel32-legacy-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:22ECCACDF6DAD4A35B60A5726BAF492A
    SHA1:A8A1AB8D5D1E34E51A22F922A9E55DAA59E79360
    SHA-256:E6262F1B9BAC96EA5CE35AED519190EBF29E27C64AA2FA237D8D87880CC09A6F
    SHA-512:B11DDD8265652FD31252EF6C261EF817D9E2C27D1A839BBD54DF2B17CE69D0562620FE8F241D623FE502E8A7F5E7ED77F2D46DAE3553836C93433C4943F4DD05
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text...+........................... ..`.rsrc........ ......................@..@................C...T...T...................d...........................$...........RSDSmc[..r'*-...c..o....api-ms-win-core-kernel32-legacy-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...mc[..r'*-...c..o..bP`5..RO..................d.......6...6...H... .................../...[...x...............)...T...................B...o...................;...i...........(..._...................U...................:...]...}.......

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-libraryloader-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:4B594A356676EB6BD34BE923241BE632
    SHA1:794DEB1ECD0161BD3382ECC63C3EB89322032D90
    SHA-256:D623C42764AF9D1F0927EBDC90B46D12C1F66397FA712460AA0C80080D1CAEB0
    SHA-512:9049AC45D41A240ED62E48277184B063394B89EB049F7A9AB57E6A31938B928FD77E442E64E9EE76F781541546665097395049E7CB44A331FCCB8BA89662CCC0
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....n.'...........!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....n.'........A...T...T........n.'........d................n.'........$...........RSDS..,.F=8..i..#.......api-ms-win-core-libraryloader-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .....,.F=8..i..#...;"...x}.z.'.n.'.....n.'....................H...........g...................M...|...................]...................&...H...g...................W...................4...o...................J...y...................

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-libraryloader-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:3003277A51A8F898846F1F3245FF759D
    SHA1:B151A1BF1A22CC37F32E13B61F94FAD34F245206
    SHA-256:E770B846428581DE9A83C3D8E95EC82F80272100F26EEA0DB66618100F79673F
    SHA-512:08BFA0BA39C556693D3D725DEB90B603E6E41F27708F70C29BF42376FD2056F42302ED303732288231BF2CA0C9E5D2BEE3569C9DA8C464335FA2681878E5B50E
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....V............!......................... ...............................0......-x....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@......V.........A...T...T.........V.........d.................V.........$...........RSDS....`..M'...,.......api-ms-win-core-libraryloader-l1-1-1.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .......`..M'...,....i^=..`.l.t..V.......V.....................H...`...x...........8...k...................#...V.......................api-ms-win-core-libraryloader-l1-1-1.dll.EnumResourceLanguagesExA.kernel32.EnumResourceLanguagesExA.

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-louserzation-l1-2-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:722683BB7732E88AD323BC181EB7B685
    SHA1:4F3C350B787B2DF36CB0219791A89937E6A0A5AE
    SHA-256:DBE3C8D13C67EA4851F1E4AB469C3FF489FF7AA98DA4064AD2F3AD16FD6DB56F
    SHA-512:ECDCA86D6E388C19594EB2A47F073029D9801583B11F693F2AFC97F4349C472423F9756BE3441000155E78E082D9EFDA64AFCEB33FB2B08BF4E2289732E78E1C
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....f.F...........!......................... ...............................0.......>....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....f.F........@...T...T........f.F........d................f.F........$...........RSDSkR...<...L.,.>......api-ms-win-core-louserzation-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...kR...<...L.,.>..n.N.#$..E..f.F.........f.F............;...;...H...4... ...........-...\.......................5...U...}...................A...i...................1...n...............O...................O...~...............&...O...|...

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-louserzation-l1-2-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:29D3E67B34477B9EDE09D19BD9B5FBD4
    SHA1:3104DC7CCFAD02DF332BA5E38A2311890E70AD8A
    SHA-256:1C1DD6FFBF229E1DF5709B2F0E3B68145D84031BD999BACA698632D337D608BC
    SHA-512:ACB3DBCDD814D52CF918F4D35DB1FCE1C0A262FF727DFB6CFE0496A8C886AF6B3FF847FA81762625181A8ACB456889FD02D21F364E05467EF6BF2991D314ED0C
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....0K...........!......................... ...............................0............@......................... ................ ..................("..............T............................................................................text............................... ..`.rsrc........ ......................@..@......0K........@...T...T.........0K........d.................0K........$...........RSDS...@..y.....\!pb....api-ms-win-core-louserzation-l1-2-1.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ......@..y.....\!pb..."..|F......0K..........0K....R...............H...L...P.......z.....api-ms-win-core-louserzation-l1-2-1.dll.EnumSystemLocalesEx.kernel32.EnumSystemLocalesEx..............................................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-memory-l1-1-2.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D8DFEABB9BC470DABAF136383D7D58AA
    SHA1:4B9D2337E5F75BAD9D2175E7D954B744A91B49BF
    SHA-256:CC5C8A1E2783B6D356976D4B72BA49DFDDBDD49CDCB05DA250FF1CA192323D00
    SHA-512:D1124F984BAD0ABF2F281CD9061C227FEDC651946B49BCDEFB08ED7A2DEC30E045B8B936E5F1CD2BA5CB5986EE0FBACD0A92E4BC0B8BCCD53860E1D4B6113C2C
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.................!......................... ...............................0......x.....@......................... ...C............ ..................."..............T............................................................................text...c........................... ..`.rsrc........ ......................@..@...............:...T...T..................d..........................$...........RSDS.~.M...~.W...vY.....api-ms-win-core-memory-l1-1-2.pdb...........T....rdata..T........rdata$zzzdbg... ...C....edata... ..`....rsrc$01....` .......rsrc$02.... ....~.M...~.W...vY....:.$....{......................................H...t...........3...o...........&...W...............G...........Z...............D...s...........4.........................api-ms-win-core-memory-l1-1-2.dll.AllocateUserPhys

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-namedpipe-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:4E7BD9D00F6923063F95518D01E4F8EE
    SHA1:3B827A6283ECE7E527467DA5A3D1B6E33E464B72
    SHA-256:2CC6F04E9D8161F14B54B415CD103DF75E0B19782B3456C5222E49D913C29D02
    SHA-512:89FF7F35A5FB05F005BF41BA5EEE36EB15073FF0AB6849B15B4473D2551B9FC55C793586F532A47A7828050C6715CCA7A163D9431019276F7426EF16FCF2CB97
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...t..O...........!......................... ...............................0......&k....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....t..O........=...T...T.......t..O........d...............t..O........$...........RSDS.0..PLv.......L.....api-ms-win-core-namedpipe-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ....0..PLv.......L....'.@_ S<.wt..O........t..O....................H...p...............2...Z...............<...o...............'...F...w...........$...]...........................api-ms-win-core-namedpipe-l1-1-0.dll.ConnectNamedPipe.kernel

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-privateprofile-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:81533882FF1A2BEDF27D87F44984C387
    SHA1:B3ED2A21A8DE961E9072FC84FCB1B16C0F07AFEC
    SHA-256:A2E2C2F8CD2A8F1DC085147DFF936F399BA22DD040D996886EFC286432908D2F
    SHA-512:60B3FA6EFC04BD4AC2C731BDA9ECE34ED8FDF582B4990995CBC3F14C24AC86CBEAFA471CFC0A4E8626906361D11CE3C774E6AC97E0371F9057BD454CB239C12C
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...M.g............!......................... ...............................0......AG....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....M.g.........B...T...T.......M.g.........d...............M.g.........$...........RSDS...T..7?qV!.........api-ms-win-core-privateprofile-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ......T..7?qV!.....!?G)..~M....M.g.....M.g.....\...............H...P...X.......................api-ms-win-core-privateprofile-l1-1-1.dll.GetPrivateProfileSectionA.kernel32.GetPrivateProfileSectionA.WritePrivateProfileSectionW.kernel32.

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-processthreads-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:CEF2075613E1DECC3A573793A7996BF1
    SHA1:802B27233D741FE5779CE5A0CD2E9D9B2240E583
    SHA-256:8B2B61FF3183F21B502AD41A4D7FD6B40DEA38D7E65B62E90A35E933B2CE797E
    SHA-512:157D0129F6D1A17F634EACF61B7E3AB0BB38816D18618150D9278FD39ADEDB09338822699BD5774A2836C9B6D355EA0BAC2824B78CDC1EB688C265AA23872C79
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L......I...........!......................... ...............................0.......H....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.......I........B...T...T..........I........d..................I........$...........RSDS...W..w. ..v-.......api-ms-win-core-processthreads-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ......W..w. ..v-.......Q.c.w/.Y...I.......I....................H...............M...............B...w...............>...n...............3...p...........'...f...............2...S.......................................api-ms-win-core-proc

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-processthreads-l1-1-2.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:933BE511E2980FF529751D9579CCE838
    SHA1:C9DC098896860E51205A1DAE8D77FBA8C258EC7D
    SHA-256:AA7DB5CB61F2070373881E7E39EF780B1FB7BAB390408EDFD3FE266AD304C753
    SHA-512:C4EB72335BFF9E7EFD1E2FB9A70438FE3F5AB03D6813CDDCB31658624EF2DF94CC8A1DDA5BCEB889E281F30781E098F8263071039A97803E4A4FE467177AE35B
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....D............!......................... ...............................0...........@......................... ...q............ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@......D.........B...T...T.........D.........d.................D.........$...........RSDS.....xa...Ei.....api-ms-win-core-processthreads-l1-1-2.pdb...........T....rdata..T........rdata$zzzdbg... ...q....edata... ..`....rsrc$01....` .......rsrc$02.... ........xa...Ei.%.N*..........D.......D.....................H...l...............C...x...............B...s...........,...c.............../...^.....................api-ms-win-core-processthreads-l1-1-2.dll.GetProcessPriorityBoost.kern

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:2B09AA14F29816B79ED7D90A653F69D4
    SHA1:C26E72BEB0B34F47BAB6D2C9F7B8EB2F37735331
    SHA-256:9D430378C45FE71B58EEE84C5023CB66063410EDC650BB2821FE4A422F9ADE9C
    SHA-512:8660CB282D9E700ECB11ACF056BBD5FEF22A8F751AD49E7260B7D9089BA092EAAE95A6DDB4C346370820FD645D794EA787830B417CA5B2012B1F008A05AE9255
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...F..~...........!......................... ...............................0............@......................... ...v............ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....F..~........D...T...T.......F..~........d...............F..~........$...........RSDS..I.&.C/.ob........api-ms-win-core-shlwapi-obsolete-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ...v....edata... ..`....rsrc$01....` .......rsrc$02.... .....I.&.C/.ob....%.K(..4.NqF..~....F..~............=...=...H...<...0...........+...F...b...}.......................+...F...a...z...........................?...Z...v...........................7...R...n.......................#...=...

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-stringloader-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:0579BE94C6008F412EB935B677BEC0F7
    SHA1:7CF83F2D3AF118F935EB529EBED53FE382D19167
    SHA-256:F3CCFA06A73A0FEC97DE1BA5E7AAD27CA7D80875E5982AA12CAD51B5D49AC87E
    SHA-512:173BA37BFC35D33F677D733B0F371D09F2001FE2C531E3C41101A06BF092C6AD9BD05DDC6DC639F0E05D2442163D012A8BF9004E120EF4D2D45C19150B74FEB4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...gP.X...........!......................... ...............................0.......a....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....gP.X........@...T...T.......gP.X........d...............gP.X........$...........RSDS.^.1.:..8T..=.vv....api-ms-win-core-stringloader-l1-1-1.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ....^.1.:..8T..=.vv....X]g0....gP.X........gP.X....\...............H...P...X.......................api-ms-win-core-stringloader-l1-1-1.dll.LoadStringA.user32.LoadStringA.LoadStringW.user32.LoadStringW.......................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-synch-l1-2-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:C9EF0BBCEA4C7E2EE35A302ADAF6D9E2
    SHA1:D053A1159B9640DA6E9CD52AFAAFC5FB65C58A3E
    SHA-256:43ECD8AAFB4AF6308E0181052BC70177CD22FB5A23B459BCFE2B6C4192F263A0
    SHA-512:6F88B595132172CF7B8C939C3228375D11339793C9769E88F696A208ECDAC2342A070B6A0EFA211478F81B46ABE7D7D3C3A31CE6DB0B9B5CE040766FE04BE630
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...\@,............!......................... ...............................0............@......................... ...v............ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....\@,.........9...T...T.......\@,.........d...............\@,.........$...........RSDS......4.>{{..S.u....api-ms-win-core-synch-l1-2-0.pdb............T....rdata..T........rdata$zzzdbg... ...v....edata... ..`....rsrc$01....` .......rsrc$02.... .........4.>{{..S.usFA..a...c./\@,.............\@,.....................H...........0...r...............?...w...............F...................D...w.......V...............,...[...............-...h...............0...a...........................

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-sysinfo-l1-2-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:399C51423B8AFE1B238FB116A2302A55
    SHA1:E4FF56F468F1C8C2B097A68349DC053E6D79284D
    SHA-256:661148F1A579B2ADD28037DF453EAE82EC96929FAB448F61E05A7C69CF2195A2
    SHA-512:C6B7778F94E169E627C0450917387C4E1F0B88269848392C2E2013F3F5C47E2D1458ED83C0FF27B04BADE779716C3E59D7F9BD5FED94AED0133CF2C79F5CCD22
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.................!......................... ...............................0......c,....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@...............;...T...T..................d..........................$...........RSDS@Y......2.;.-.......api-ms-win-core-sysinfo-l1-2-1.pdb..........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...@Y......2.;.-...Vh....R...........................z...............H...\...p...........J.................../...n.................api-ms-win-core-sysinfo-l1-2-1.dll.DnsHostnameToComputerNameExW.kernel32.DnsHostnameToComputerNameExW.GetPhysi

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-threadpool-legacy-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:5A4E5F8857BF51C43C7F3F35C126B8DB
    SHA1:3281190E1164D353C0E79A08B1416FBD1427651B
    SHA-256:347B90BBC092A4B2295FDE35EC415B20E65835ABAD497F62D81829730806B324
    SHA-512:E3A6AE2740883CBA0BF5E26F631E6E8361A1CA30AFF23D5FC5F9F31EAAC69AA321328674473F67F66159660EA0F3CADA550D65FF192E1BD83D6611258C77A2EE
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....I............!......................... ...............................0.......>....@.........................0................ ..................("..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....I.........E...T...T........I.........d................I.........$...........RSDS..m=ak.....h........api-ms-win-core-threadpool-legacy-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg...0........edata... ..`....rsrc$01....` .......rsrc$02.... .....m=ak.....h....24R/~...E[...I..................I.....................X...t...............A...s.......................+...`.............................api-ms-win-core-threadpool-legacy-l1-1-0.dll.ChangeTimerQueueTimer.kernel3

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-threadpool-private-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:670C2A82F2D14EEC3636D8A9BD495AE8
    SHA1:9455D5DD1A25F8ABC5ED88AFDA767D7BA2826E92
    SHA-256:21E3D5114E0E9F881C6B97FF810D199A566EBFC8B60BC2C68FCC31E1D96267FD
    SHA-512:3F4F81CD168AD421F1E3D7AAAA2F109EAE1E1AE452885AC1BFA4D51CA06CC64F72AEABAE92DCEFBF8EE4163020F9D98D2195F67062E9D619C7A8798C77EDAAE5
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..._.Z............!......................... ...............................0......JR....@.........................0................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@...._.Z.........F...T...T......._.Z.........d..............._.Z.........$...........RSDS.p...!....y.*.O.....api-ms-win-core-threadpool-private-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg...0........edata... ..`....rsrc$01....` .......rsrc$02.... ....p...!....y.*.O....[X.}~/..I_.Z................._.Z.....b...............X...\...`.............api-ms-win-core-threadpool-private-l1-1-0.dll.RegisterWaitForSingleObjectEx.kernel32.RegisterWaitForSingleObjectEx....................

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-core-wow64-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:3884A3DFCE42AFD1CC4B217CBDA8FA95
    SHA1:0CA8C9E06E40EFEB8FE7F48F7D786B869217560F
    SHA-256:9090B7D4B9E307E124D5744B2E579BED88B53B870F62E761766DB41217675D36
    SHA-512:6329ECC6178669E8259080DC4CEF869238306007C1672F4CC7E7022AF8CF789C0FA4526D3C396C1B77FD34A36EA88D44348E8B105314CE7F20EA22BF8191D145
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...D..............!......................... ...............................0...........@......................... ................ ..................."..............T............................................................................text...:........................... ..`.rsrc........ ......................@..@....D...........9...T...T.......D...........d...............D...........$...........RSDS........m}..Q;S.....api-ms-win-core-wow64-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...........m}..Q;S.F.U........D...............D.......f...............H...T...`.................................api-ms-win-core-wow64-l1-1-0.dll.IsWow64Process.kernel32.IsWow64Process.Wow64DisableWow64FsRedirection.kernel32.Wow64DisableWow64F

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-crt-conio-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:C2523931BCAA528B13C373C576202DB3
    SHA1:D621DF54DA8AF34BFF0D2113B9054FDD920BB374
    SHA-256:09947397737DCAC66A01806A09DFB1944312A26B0A039E9577139CA4A48073B7
    SHA-512:A89DB67D71943045036D88F7FA1D7293081A380A632A12920076CA5308333A6ABA09311A1D0F5BB36E3AF600FC52A3332CA0CC4AAD0AD53A7FD39C1C8BFA12E2
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...jV.............!......................... ...............................0............@.........................0................ ..................."..............T............................................................................text... ........................... ..`.rsrc........ ......................@..@v...................jV..........8...d...d.......jV..........d...............jV..........$...........RSDS........'.s5/..d....api-ms-win-crt-conio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg...0........edata... ..`....rsrc$01....` .......rsrc$02.... ...........'.s5/..d.%3&m...;\..jV..................jV......................X.......H...........4...n...........#..._...............................=...\...|.......................=...\...|...............................W...........

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-crt-convert-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:DF8A1C7C86B0FC15A09068DF07C39402
    SHA1:8B5B1B38AD95CDA62C32B906FB322FC7B464C86F
    SHA-256:5E995DA1D99B4C83A31104E422AD6D391C89FC3B768E265DBCAD63D1453E1338
    SHA-512:FD675C18ED8272370E4E518699B1D23C2251887902D9AEA1416D2F8C3010DA114F279D85AA30D0977D2C36249FB623E1B23FE7D9B7D18634B6487C73CC14CD5B
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!.........................0...............................@.......Z....@.........................0................0..................."..............T............................................................................text............................... ..`.rsrc........0......................@..@v...............................:...d...d...................d...........................$...........RSDS.1.....5..MD....api-ms-win-crt-convert-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg...0........edata...0..`....rsrc$01....`0.......rsrc$02.... ....1.....5..MD T=...Z.9.X.................................z...z...X...@...(...H...c...~...........................7...Q...n.............................../...J...e...............................#...:...U...r...............

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-crt-filesystem-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:4CB3789051A8AE05DF2E032761C2DDA6
    SHA1:2771E2219DA95B4E1B4BF881032EB6D1F7C9417B
    SHA-256:91C09218C3B3C2D366D06053E09BD4F417D5F7B9432ECDED0E010A7AA3FAEFF5
    SHA-512:6314609ADB1E1E6E2A9CDB5C555F83C0225AC11E88149EB443B54F7FE4D324336BBDDC3143F896C1901B03C5A048F213218D9FA2D4299113E36DA4718FD293DE
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!......................... ...............................0.......u....@.........................0................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...............................=...d...d...................d...........................$...........RSDS...gK6.....T[.;....api-ms-win-crt-filesystem-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg...0........edata... ..`....rsrc$01....` .......rsrc$02.... ......gK6.....T[.;2.>.Wf:Y)t.............................A...A...X...\...`.......*...D...]...v...................$...I...m.......................0...O...o.......................%...<...W...x...........................8...

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-crt-heap-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:4EBEAF6377B940AE73D44265AC0281E1
    SHA1:93D1190966BC347E8AC091737FDF1D8444AE95E4
    SHA-256:AB4753FA5825FB9B028A75B2C4D49E9C476DD1267E2F6F9D9C2317B6FA41D609
    SHA-512:A0B5EC87B60FBB72AB4FDBEDE228EE1900D179CC056AC67A5B46190BC008A05DD662DAED28DCF94CB90D8CC954A3249F52BC20A6C49AD32A1AD97ACDAABAED45
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.................!......................... ...............................0......[.....@.........................0................ ..................."..............T............................................................................text...F........................... ..`.rsrc........ ......................@..@v..............................7...d...d..................d..........................$...........RSDSa;PZ.1......."......api-ms-win-crt-heap-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg...0........edata... ..`....rsrc$01....` .......rsrc$02.... ...a;PZ.1......."..f.p.r.7....C..........................f...............X.......0...................I...................'...E...a...........................@...l...........................5...................1...j...............

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-crt-process-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:29EE4BC0912F513E4ADD55C8A49F6AC0
    SHA1:0B866C4A89A704EB3B86CE7FB4ECFC1C1253246C
    SHA-256:35BCA3BA92382FB21A89C1C7DC805E14E6D1A3C4F77F8B3A3BE8E275D92C11F8
    SHA-512:5E63D0B440B9FF2842C6F28628517BBC2F4D9926F02C39E3368B58DA47ED85B7166C6BFA50505C230BC2909E382346EC76B62CDB0E9109C2AB5C7D318DAF30A6
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...o.2............!......................... ...............................0.......7....@.........................0...x............ ..................("..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................o.2.........:...d...d.......o.2.........d...............o.2.........$...........RSDS..l.}...q...$......api-ms-win-crt-process-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg...0...x....edata... ..`....rsrc$01....` .......rsrc$02.... .....l.}...q...$...^.....{..i.o.2.............o.2.............$...$...X.......x...............-...F...`...y...............................J...e...........................%...A...\...v....................... ...=...Y...v.......

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-crt-runtime-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:29B1BA1EC35CED475845FFBFA91814DA
    SHA1:A2BFF0C969EE63A7F384211FAA31C84FFA456158
    SHA-256:F3765538783C9D9FD2A14560BEC60145B846EB093EA531024CBAF21E1BF9A037
    SHA-512:1C0C4B8EAE6F62A37644D80AB3CC6A2D0E7F9B01AE6BE3D2BE7FC99AE4EA9F922EEB87DCAB3EE02E7964C047E34708489AF5DC290D6C0A927A37172B423D0789
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....2.O...........!.........................0...............................@.......r....@.........................0................0..................."..............T............................................................................text............................... ..`.rsrc........0......................@..@v....................2.O........:...d...d........2.O........d................2.O........$...........RSDS.:.....1../..$.*....api-ms-win-crt-runtime-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg...0........edata...0..`....rsrc$01....`0.......rsrc$02.... ....:.....1../..$.*j`Y..+J......2.O.............2.O............k...k...X...........................6...T...s.......................>...e.......................+...I...n.......................F...e...................&...G...d...

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-crt-stdio-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:973B093DFD5809176D4FFC0AE7E4940E
    SHA1:DC367A3A427FE26645696646A1CB27BFEBF9BC69
    SHA-256:B5CD23A1FE10F33C55A57B80522EC4803A6ABB2CDB54AC9CBBAA2A9C7E0F680D
    SHA-512:0E1F81CF51712DCA411914DFED618AC65F67DBD2484A028044AE1195E678FDC934091B532374AD66AAD9230991F4EDA5F59711A25408AC95F9CC30E01B6FDA40
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...I.o?...........!.........................0...............................@.......C....@.........................0...a............0..............."..."..............T............................................................................text............................... ..`.rsrc........0......................@..@v...................I.o?........8...d...d.......I.o?........d...............I.o?........$...........RSDS.../L...{;[3.m5.....api-ms-win-crt-stdio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg...0...a....edata...0..`....rsrc$01....`0.......rsrc$02.... ....../L...{;[3.m5.4.W.6.......I.o?................I.o?....................X.......P...............1...l...............Y...............P...............?...x...........0...Y...t...............................;...^...................

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-crt-utility-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:7EE56514A0E5DED5B6A14524018099F2
    SHA1:0B2BA6827FE5D563DA186E99B0E46D41C5C9B4F8
    SHA-256:E8080F727B61E5B0997560CA6F2BDF894A65C0666E1762EAAE4A8582FA84C40A
    SHA-512:434E6E4A01258B923C73888FCAE8A8AB60E51E3B551DF0B5CE9279CEAAA339CDFD76BAFDDCDC70AD4AAD64623D4352FFBFE8D7C591468D40BDD45D95BDFC6DB6
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...d.............!......................... ...............................0......7.....@.........................0...^............ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................d..........:...d...d.......d..........d...............d..........$...........RSDS.@.7..o..t.c.A.V....api-ms-win-crt-utility-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg...0...^....edata... ..`....rsrc$01....` .......rsrc$02.... ....@.7..o..t.c.A.V...1.v..{U.d..............d......................X.......H..............."...C...\...u...........................!...8...K...`...{...............................'...>...T...i.......................<...S...

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-eventing-consumer-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:072A6F3AE231DEA295EBED9E00870B51
    SHA1:3C3B19C18AE955100BC1068016B8945D4C2CBB08
    SHA-256:247CFE0E970EECDD3CB6079901A95073E0C7FDA5AD423F1A101CA4D61C33E20E
    SHA-512:7A93475A3C48DB28F7C36102FC8965626C6FCD7DFC79C67E8927FE2E1F35AC977EF77628E1642474AE801BAE58659D0759CB175DE60D3D1AF2F52D143032625E
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....!.............!......................... ...............................0......sJ....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....!..........@...T...T........!..........d................!..........$...........RSDS.DM..;..CiF.........API-MS-Win-Eventing-Consumer-L1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ....DM..;..CiF.....Il.> w.c...P.!...........!......f...............H...T...`.................................api-ms-win-eventing-consumer-l1-1-0.dll.CloseTrace.advapi32.CloseTrace.OpenTraceW.advapi32.OpenTraceW.ProcessTrace.advapi32.Proces

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-security-base-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:CFBB1A13CB222D1B1DC759A1F1F6A582
    SHA1:7FAC3A747AF1FD6B54120E928904031EF160AED1
    SHA-256:920ED4F76EE53D4F813457E4FC95562054D1C12038C70FDBB4D0263C178AFC7C
    SHA-512:A82E007702EA82B3F5AA46BA0E4317C8E4516E58E8EA77EB2F9AA25E7C94E1687553D7B80F512E61E2AB3215BC4DF285767647AE8B4BA38887FD0688E9FEF28F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!.........................0...............................@.......I....@......................... ...I............0............... ..."..............T............................................................................text...i........................... ..`.rsrc........0......................@..@................<...T...T...................d...........................$...........RSDS._...p.o..k..Mh....api-ms-win-security-base-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ...I....edata...0..`....rsrc$01....`0.......rsrc$02.... ...._...p.o..k..Mh..'.m.....s.................................a...a...H.......P...B...q...........&...}.......)...\...............3...\...~...............>...o...............M...............1...t....... ...R...x.............../...V...w.......

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-security-sddl-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:F9D19707C89F815916331AAA71B76539
    SHA1:9F51FEC20E752967C9993D169C78C28D60DEA6BD
    SHA-256:4EA3735ED1F0187F20584EED66C5D0D7AF74487DD840179BEBD691A9BB407DC9
    SHA-512:E27E5398617E3C4813433D0A7B98B8D0B7D78315440E7ACEE58A02F920E9A9580AB67CD65F936E364D3C74B588B2212435A661C0399AFBB77C46AC88CFC74F5B
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....\............!......................... ...............................0......y.....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@......\.........<...T...T.........\.........d.................\.........$...........RSDSAkE......z........api-ms-win-security-sddl-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...AkE......z......)...ri.QR@..\...............\.....p...............H...X...h...........s...............>...............api-ms-win-security-sddl-l1-1-0.dll.ConvertSecurityDescriptorToStringSecurityDescriptorW.advapi32.ConvertSecurityDescrip

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-service-core-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:C6A1DCA7243D80014820C75EDC1C6BAB
    SHA1:D412225A94E646CB621897057B0BC688ED11C972
    SHA-256:198EEE5E2257045C1450906533D1D5C2EEB1C953879B1A3ECE3F481FAEE2F299
    SHA-512:184B6BF3C18D2C9E44D3AE4738A843806155B938D34D30CC4D9DF05DE8E1819B833C678AA267EAD9C259442C49464F3FBB911720FF309AD8F0520D2064B9E4E6
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...c..............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text...:........................... ..`.rsrc........ ......................@..@....c...........;...T...T.......c...........d...............c...........$...........RSDS.b|.40.n.H$m........api-ms-win-service-core-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ....b|.40.n.H$m.....]OX\yk~...c...............c.......f...............H...T...`.................................api-ms-win-service-core-l1-1-0.dll.RegisterServiceCtrlHandlerExW.advapi32.RegisterServiceCtrlHandlerExW.SetServiceStatus.advapi32.

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-service-core-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:7113782A850F458BD8AB0F806605C938
    SHA1:85C53D397C433FBDCE6BD93754ABB88F9B095B19
    SHA-256:D7DABFA8B1F3D75719772E53D71C4F877B987234D6458FBDA6EB49BB7AA5827F
    SHA-512:4391A48443F0CDE54C092060CDCB7C1E0FD80F9DBE02CA225F0DA07448667EAEB26E0D99408BFEC01103947CD2A05798004B61AF535FA8895A930EF03D8DA62F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....8............!......................... ...............................0......m.....@......................... ................ ..................."..............T............................................................................text...<........................... ..`.rsrc........ ......................@..@......8.........;...T...T.........8.........d.................8.........$...........RSDS..6..wA.c.f@..=....api-ms-win-service-core-l1-1-1.pdb..........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .....6..wA.c.f@..=....I.x.}Qm..8...............8.....f...............H...T...`.................................api-ms-win-service-core-l1-1-1.dll.EnumDependentServicesW.advapi32.EnumDependentServicesW.EnumServicesStatusExW.advapi32.EnumServi

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-service-private-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:6B0CDB5E8C52AB72EE24AD276EC671B0
    SHA1:F343DA04B881C77E3019E886A45D6BB7EDF99146
    SHA-256:D6416B7348E40EDFCED91463D1F6F9E83C6F7B06670DBBA288A2FA6B33570A0E
    SHA-512:B99701A3B41352B248F6BF23B0FC8883A48B2CF4F5F80DD62281D11895970A10DFBA68865E703FC83FF6276437049997547C4E83C4410E545F3B02C2C4B3049C
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.................!......................... ...............................0......B.....@......................... ................ ..................."..............T............................................................................text...,........................... ..`.rsrc........ ......................@..@...............>...T...T..................d..........................$...........RSDS.........LL.B.......api-ms-win-service-private-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ............LL.B.......dS./.6..................................H...........8...z...........'...f...................\...............;..............."...W...............G...................J...w...........$...[...........................

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-service-winsvc-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:21B2EA7453CAEB11F234DFD2BB620CE0
    SHA1:AD9BF289777F64DBE4AA0D57009D9F6C328C2338
    SHA-256:A9C8E23E5C9D087350B42CC75925164A388F917BB971393362EBD813696CC23E
    SHA-512:3D1A562C7C089AF870B0FEBB97E9346F18707C40BF24ADB3D2B71F9D900FD70335F500CD81D4F3CB7BD2356BBC4D7BF88AFC9A0A804D3D8D80CD4F2C603B27FE
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....}............!......................... ...............................0............@......................... ...{............ ..................("..............T............................................................................text............................... ..`.rsrc........ ......................@..@......}.........=...T...T.........}.........d.................}.........$...........RSDS^........b.. .......api-ms-win-service-winsvc-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ...{....edata... ..`....rsrc$01....` .......rsrc$02.... ...^........b.. ...w..N..2.`M....}...........}.....L...............H...........................<...j...........#...Y...................2...m..............."...R...............C...v...q...............-...T...............B...y...............

    C:\Program Files (x86)\Topaz OFD\Warsaw\api-ms-win-shcore-stream-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:FCD1C95C0852671F08488A2220516C8F
    SHA1:DE622679B6B1A0D3945F105B10502AD70ADEF108
    SHA-256:7057CF9CDE917D987D16A835406CDF699593FBD6C4D20BFD8C0F08DB7C11F058
    SHA-512:78794EEFD0DE57D29FCC3041A6FC8D296D87E564C96B0FB80AB48965C2F1124E35363D3831B3043F12C66B4EC8EFD4BD0039096DB42837892C590C4C4230B8FE
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...W.`&...........!......................... ...............................0.......+....@......................... ...X............ ..................."..............T............................................................................text...x........................... ..`.rsrc........ ......................@..@....W.`&........<...T...T.......W.`&........d...............W.`&........$...........RSDS.ls.=@^.T.D.."d.....api-ms-win-shcore-stream-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ...X....edata... ..`....rsrc$01....` .......rsrc$02.... ....ls.=@^.T.D.."d......4s.a..W.`&............W.`&....................H...............1...V...|...................D...y...............5..._.......$...F...n.......................b...............$...N.................................api-ms-win

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-00JJP.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):13840
    Entropy (8bit):6.76662593099467
    Encrypted:false
    SSDEEP:
    MD5:22ECCACDF6DAD4A35B60A5726BAF492A
    SHA1:A8A1AB8D5D1E34E51A22F922A9E55DAA59E79360
    SHA-256:E6262F1B9BAC96EA5CE35AED519190EBF29E27C64AA2FA237D8D87880CC09A6F
    SHA-512:B11DDD8265652FD31252EF6C261EF817D9E2C27D1A839BBD54DF2B17CE69D0562620FE8F241D623FE502E8A7F5E7ED77F2D46DAE3553836C93433C4943F4DD05
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text...+........................... ..`.rsrc........ ......................@..@................C...T...T...................d...........................$...........RSDSmc[..r'*-...c..o....api-ms-win-core-kernel32-legacy-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...mc[..r'*-...c..o..bP`5..RO..................d.......6...6...H... .................../...[...x...............)...T...................B...o...................;...i...........(..._...................U...................:...]...}.......

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-1D0ID.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11816
    Entropy (8bit):6.817885642366818
    Encrypted:false
    SSDEEP:
    MD5:1EC8473900C4CB2F0A4DF10C822E0CD7
    SHA1:287B23F5FBF7134164324633CF633109FC989EF3
    SHA-256:86AF2E1DA81ED477B843A1FDA0C7BD0018BB520DF5363F72E9EE67B73F33DBF2
    SHA-512:1C8134D3CE65703727E09FF68AAF44C3FF5EE25F1B67520970F67C6EA1E3B0A82C534947A91774C7F1865003BF98660780FA12CD008D542AC54053D5F29D442B
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L......o...........!......................... ...............................0............@......................... ................ ..................("..............T............................................................................text............................... ..`.rsrc........ ......................@..@.......o........8...T...T..........o........d..................o........$...........RSDS.H..E".*...L.q.....api-ms-win-core-comm-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ....H..E".*...L.q..)....1.}......o...................o....................H...........+...R...}............... ...H...n.......................@...c...............C...j...................;...^.......................0...Y...v.......................

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-257GR.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.7990003216593475
    Encrypted:false
    SSDEEP:
    MD5:4711C70708B086AD8604F89FAB224A41
    SHA1:05ABCC2353FB069770938A93B3E0AB0A4CB9E723
    SHA-256:CD0005D837BA116E0473F699588AB3B5542CB7A697769FFEAAC5750EC9E54A95
    SHA-512:2C9C8694C986167FDE8ECD5610BEEB81DF1B16898DA4B6598B2C57CA5F783F0368583478E94D40DB80CDCB5F2B9F6577BCFAF5D5C4725EBDCFEA1D86BB3CD7C1
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....;............!......................... ...............................0......L.....@......................... ................ ..................."..............T............................................................................text.../........................... ..`.rsrc........ ......................@..@......;.........8...T...T.........;.........d.................;.........$...........RSDSf.~..4H...F.X.......api-ms-win-core-file-l1-2-1.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...f.~..4H...F.X..._.......\.....;...................;.....f...............H...T...`.................................api-ms-win-core-file-l1-2-1.dll.GetCompressedFileSizeA.kernel32.GetCompressedFileSizeA.GetCompressedFileSizeW.kernel32.GetCompress

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-2R39D.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.803557857670019
    Encrypted:false
    SSDEEP:
    MD5:C6A1DCA7243D80014820C75EDC1C6BAB
    SHA1:D412225A94E646CB621897057B0BC688ED11C972
    SHA-256:198EEE5E2257045C1450906533D1D5C2EEB1C953879B1A3ECE3F481FAEE2F299
    SHA-512:184B6BF3C18D2C9E44D3AE4738A843806155B938D34D30CC4D9DF05DE8E1819B833C678AA267EAD9C259442C49464F3FBB911720FF309AD8F0520D2064B9E4E6
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...c..............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text...:........................... ..`.rsrc........ ......................@..@....c...........;...T...T.......c...........d...............c...........$...........RSDS.b|.40.n.H$m........api-ms-win-service-core-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ....b|.40.n.H$m.....]OX\yk~...c...............c.......f...............H...T...`.................................api-ms-win-service-core-l1-1-0.dll.RegisterServiceCtrlHandlerExW.advapi32.RegisterServiceCtrlHandlerExW.SetServiceStatus.advapi32.

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-3BN84.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):12328
    Entropy (8bit):6.774370904658887
    Encrypted:false
    SSDEEP:
    MD5:29EE4BC0912F513E4ADD55C8A49F6AC0
    SHA1:0B866C4A89A704EB3B86CE7FB4ECFC1C1253246C
    SHA-256:35BCA3BA92382FB21A89C1C7DC805E14E6D1A3C4F77F8B3A3BE8E275D92C11F8
    SHA-512:5E63D0B440B9FF2842C6F28628517BBC2F4D9926F02C39E3368B58DA47ED85B7166C6BFA50505C230BC2909E382346EC76B62CDB0E9109C2AB5C7D318DAF30A6
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...o.2............!......................... ...............................0.......7....@.........................0...x............ ..................("..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................o.2.........:...d...d.......o.2.........d...............o.2.........$...........RSDS..l.}...q...$......api-ms-win-crt-process-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg...0...x....edata... ..`....rsrc$01....` .......rsrc$02.... .....l.}...q...$...^.....{..i.o.2.............o.2.............$...$...X.......x...............-...F...`...y...............................J...e...........................%...A...\...v....................... ...=...Y...v.......

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-5ERA9.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):15376
    Entropy (8bit):6.6579822736778675
    Encrypted:false
    SSDEEP:
    MD5:5952EFB6ED10024E72063091DDA6416D
    SHA1:F0797762B68B1CA6D7417309E90ECA340754BCD9
    SHA-256:B599543863DD9B05B55E501E8E7535CCB8D83420E1DD306A12D32FE9E7A79675
    SHA-512:DBA74C5FC4E9D5A9F9D873BD3B117CB94430606218084F774C0A3595F7F3272DEB8D463F28F04A1ADD5DA98A2CE2ACB1A051874BA3BD0EFB3E1E21841C20BFF8
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...w..............!.........................0...............................@.......+....@......................... ................0..................."..............T............................................................................text............................... ..`.rsrc........0......................@..@....w...........7...T...T.......w...........d...............w...........$...........RSDS...<KbXj.....?.....api-ms-win-core-com-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg... ........edata...0..`....rsrc$01....`0.......rsrc$02.... ......<KbXj.....?.h...bg;....w...................w.......h.......P...P...H...........................H...g...................G...s...............0...b...............&...L...s.............../...]...................@...h...................B...l...

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-5L4LQ.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):13840
    Entropy (8bit):6.811602400686406
    Encrypted:false
    SSDEEP:
    MD5:722683BB7732E88AD323BC181EB7B685
    SHA1:4F3C350B787B2DF36CB0219791A89937E6A0A5AE
    SHA-256:DBE3C8D13C67EA4851F1E4AB469C3FF489FF7AA98DA4064AD2F3AD16FD6DB56F
    SHA-512:ECDCA86D6E388C19594EB2A47F073029D9801583B11F693F2AFC97F4349C472423F9756BE3441000155E78E082D9EFDA64AFCEB33FB2B08BF4E2289732E78E1C
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....f.F...........!......................... ...............................0.......>....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....f.F........@...T...T........f.F........d................f.F........$...........RSDSkR...<...L.,.>......api-ms-win-core-louserzation-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...kR...<...L.,.>..n.N.#$..E..f.F.........f.F............;...;...H...4... ...........-...\.......................5...U...}...................A...i...................1...n...............O...................O...~...............&...O...|...

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-5N7BM.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):17424
    Entropy (8bit):6.512973550382468
    Encrypted:false
    SSDEEP:
    MD5:973B093DFD5809176D4FFC0AE7E4940E
    SHA1:DC367A3A427FE26645696646A1CB27BFEBF9BC69
    SHA-256:B5CD23A1FE10F33C55A57B80522EC4803A6ABB2CDB54AC9CBBAA2A9C7E0F680D
    SHA-512:0E1F81CF51712DCA411914DFED618AC65F67DBD2484A028044AE1195E678FDC934091B532374AD66AAD9230991F4EDA5F59711A25408AC95F9CC30E01B6FDA40
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...I.o?...........!.........................0...............................@.......C....@.........................0...a............0..............."..."..............T............................................................................text............................... ..`.rsrc........0......................@..@v...................I.o?........8...d...d.......I.o?........d...............I.o?........$...........RSDS.../L...{;[3.m5.....api-ms-win-crt-stdio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg...0...a....edata...0..`....rsrc$01....`0.......rsrc$02.... ....../L...{;[3.m5.4.W.6.......I.o?................I.o?....................X.......P...............1...l...............Y...............P...............?...x...........0...Y...t...............................;...^...................

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-5V3FO.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):13320
    Entropy (8bit):6.809778662301574
    Encrypted:false
    SSDEEP:
    MD5:4CB3789051A8AE05DF2E032761C2DDA6
    SHA1:2771E2219DA95B4E1B4BF881032EB6D1F7C9417B
    SHA-256:91C09218C3B3C2D366D06053E09BD4F417D5F7B9432ECDED0E010A7AA3FAEFF5
    SHA-512:6314609ADB1E1E6E2A9CDB5C555F83C0225AC11E88149EB443B54F7FE4D324336BBDDC3143F896C1901B03C5A048F213218D9FA2D4299113E36DA4718FD293DE
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!......................... ...............................0.......u....@.........................0................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...............................=...d...d...................d...........................$...........RSDS...gK6.....T[.;....api-ms-win-crt-filesystem-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg...0........edata... ..`....rsrc$01....` .......rsrc$02.... ......gK6.....T[.;2.>.Wf:Y)t.............................A...A...X...\...`.......*...D...]...v...................$...I...m.......................0...O...o.......................%...<...W...x...........................8...

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-6GDPM.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.933850602060794
    Encrypted:false
    SSDEEP:
    MD5:488776E0B078337A0010D610DB402CEE
    SHA1:DCC7A02EE59EC53D9AC5AD6D43610A295EA8A665
    SHA-256:AA6760D12BC13919DF30F3D1E042D5D4F07F731AF6C6EFB5DDFD14958FC34A45
    SHA-512:B24B3BD32DC54E8654D2D50682EB07387BF6C5B0C8F2AE8DDF5E3BF26C7D6535951D8E443A38CAABE1CD1C44D68A4CB20442A21636DA53A1F498D9159CFAA021
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!......................... ...............................0......t_....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@................8...T...T...................d...........................$...........RSDS.0.O..}_.1..j~n....api-ms-win-core-file-l2-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ....0.O..}_.1..j~n...D....................................................H...t...............'...S...................A...k...................C...l...............6...U.............................api-ms-win-core-file-l2-1-0.dll.CopyFile2.kernel32

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-7037H.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11272
    Entropy (8bit):6.912951148369995
    Encrypted:false
    SSDEEP:
    MD5:933BE511E2980FF529751D9579CCE838
    SHA1:C9DC098896860E51205A1DAE8D77FBA8C258EC7D
    SHA-256:AA7DB5CB61F2070373881E7E39EF780B1FB7BAB390408EDFD3FE266AD304C753
    SHA-512:C4EB72335BFF9E7EFD1E2FB9A70438FE3F5AB03D6813CDDCB31658624EF2DF94CC8A1DDA5BCEB889E281F30781E098F8263071039A97803E4A4FE467177AE35B
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....D............!......................... ...............................0...........@......................... ...q............ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@......D.........B...T...T.........D.........d.................D.........$...........RSDS.....xa...Ei.....api-ms-win-core-processthreads-l1-1-2.pdb...........T....rdata..T........rdata$zzzdbg... ...q....edata... ..`....rsrc$01....` .......rsrc$02.... ........xa...Ei.%.N*..........D.......D.....................H...l...............C...x...............B...s...........,...c.............../...^.....................api-ms-win-core-processthreads-l1-1-2.dll.GetProcessPriorityBoost.kern

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-8HES7.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.917615665254898
    Encrypted:false
    SSDEEP:
    MD5:4E7BD9D00F6923063F95518D01E4F8EE
    SHA1:3B827A6283ECE7E527467DA5A3D1B6E33E464B72
    SHA-256:2CC6F04E9D8161F14B54B415CD103DF75E0B19782B3456C5222E49D913C29D02
    SHA-512:89FF7F35A5FB05F005BF41BA5EEE36EB15073FF0AB6849B15B4473D2551B9FC55C793586F532A47A7828050C6715CCA7A163D9431019276F7426EF16FCF2CB97
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...t..O...........!......................... ...............................0......&k....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....t..O........=...T...T.......t..O........d...............t..O........$...........RSDS.0..PLv.......L.....api-ms-win-core-namedpipe-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ....0..PLv.......L....'.@_ S<.wt..O........t..O....................H...p...............2...Z...............<...o...............'...F...w...........$...]...........................api-ms-win-core-namedpipe-l1-1-0.dll.ConnectNamedPipe.kernel

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-9AID7.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):10768
    Entropy (8bit):6.962669751866024
    Encrypted:false
    SSDEEP:
    MD5:0579BE94C6008F412EB935B677BEC0F7
    SHA1:7CF83F2D3AF118F935EB529EBED53FE382D19167
    SHA-256:F3CCFA06A73A0FEC97DE1BA5E7AAD27CA7D80875E5982AA12CAD51B5D49AC87E
    SHA-512:173BA37BFC35D33F677D733B0F371D09F2001FE2C531E3C41101A06BF092C6AD9BD05DDC6DC639F0E05D2442163D012A8BF9004E120EF4D2D45C19150B74FEB4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...gP.X...........!......................... ...............................0.......a....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....gP.X........@...T...T.......gP.X........d...............gP.X........$...........RSDS.^.1.:..8T..=.vv....api-ms-win-core-stringloader-l1-1-1.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ....^.1.:..8T..=.vv....X]g0....gP.X........gP.X....\...............H...P...X.......................api-ms-win-core-stringloader-l1-1-1.dll.LoadStringA.user32.LoadStringA.LoadStringW.user32.LoadStringW.......................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-9T1MH.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.858448664044849
    Encrypted:false
    SSDEEP:
    MD5:399C51423B8AFE1B238FB116A2302A55
    SHA1:E4FF56F468F1C8C2B097A68349DC053E6D79284D
    SHA-256:661148F1A579B2ADD28037DF453EAE82EC96929FAB448F61E05A7C69CF2195A2
    SHA-512:C6B7778F94E169E627C0450917387C4E1F0B88269848392C2E2013F3F5C47E2D1458ED83C0FF27B04BADE779716C3E59D7F9BD5FED94AED0133CF2C79F5CCD22
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.................!......................... ...............................0......c,....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@...............;...T...T..................d..........................$...........RSDS@Y......2.;.-.......api-ms-win-core-sysinfo-l1-2-1.pdb..........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...@Y......2.;.-...Vh....R...........................z...............H...\...p...........J.................../...n.................api-ms-win-core-sysinfo-l1-2-1.dll.DnsHostnameToComputerNameExW.kernel32.DnsHostnameToComputerNameExW.GetPhysi

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-9VM8C.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):12304
    Entropy (8bit):6.775576172319753
    Encrypted:false
    SSDEEP:
    MD5:6B0CDB5E8C52AB72EE24AD276EC671B0
    SHA1:F343DA04B881C77E3019E886A45D6BB7EDF99146
    SHA-256:D6416B7348E40EDFCED91463D1F6F9E83C6F7B06670DBBA288A2FA6B33570A0E
    SHA-512:B99701A3B41352B248F6BF23B0FC8883A48B2CF4F5F80DD62281D11895970A10DFBA68865E703FC83FF6276437049997547C4E83C4410E545F3B02C2C4B3049C
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.................!......................... ...............................0......B.....@......................... ................ ..................."..............T............................................................................text...,........................... ..`.rsrc........ ......................@..@...............>...T...T..................d..........................$...........RSDS.........LL.B.......api-ms-win-service-private-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ............LL.B.......dS./.6..................................H...........8...z...........'...f...................\...............;..............."...W...............G...................J...w...........$...[...........................

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-A3DG0.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.851819613618399
    Encrypted:false
    SSDEEP:
    MD5:8EA7DB6DD9089F0AC1D9B4FF0B79AB8A
    SHA1:2A10782E6CCD88A7AEC6909C4B5A753B5F7055BF
    SHA-256:657006E6043C929B6606D843AD86F942ED354EE5948B647348F36A98035CD6CC
    SHA-512:B4A910A72CE83F7E21878D1D7818B6E367D4776967B9896C776C340A665BB6902D527A2A68EA5E42DD9C2DDE879A624EEC7B9093C00E4A688882C94147FB51BF
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...]j.............!......................... ...............................0......%.....@......................... ...|............ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....]j..........9...T...T.......]j..........d...............]j..........$...........RSDS...!.u.3....7.)K....api-ms-win-core-debug-l1-1-1.pdb............T....rdata..T........rdata$zzzdbg... ...|....edata... ..`....rsrc$01....` .......rsrc$02.... ......!.u.3....7.)K....yZ.:.`#.]j..............]j......z...............H...\...p...............O...................8...o.............api-ms-win-core-debug-l1-1-1.dll.CheckRemoteDebuggerPresent.kernel32.CheckRemoteDebuggerPresent.ContinueDebugE

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-AEBSU.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):10792
    Entropy (8bit):6.950195404490337
    Encrypted:false
    SSDEEP:
    MD5:36087F1563333F8375D816286CE2BD83
    SHA1:26D252A88705E7905F0497CC5A797E44E31116C5
    SHA-256:DD3A40BB87947CB8E60DA3DA60B35A64895A7FCC026468F8ACFDCC4124C80C9E
    SHA-512:C7E778944C3F06207FFCF798F91667244832345109E968694D0C3CC76614F83CBD2DE25257369C885C0C06FE3C1C41DCC92A5B02F71E246B9CE00AFE5ABA36C5
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...t;@?...........!......................... ...............................0......\z....@......................... ................ ..................("..............T............................................................................text............................... ..`.rsrc........ ......................@..@....t;@?........D...T...T.......t;@?........d...............t;@?........$...........RSDS..b..a...........API-MS-Win-Core-Kernel32-Private-L1-1-1.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .....b..a.......P$7..4..v...t;@?....t;@?....R...............H...L...P.......~.....api-ms-win-core-kernel32-private-l1-1-1.dll.PrivCopyFileExW.kernel32.PrivCopyFileExW..................................................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-ARARM.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11272
    Entropy (8bit):6.955603958537422
    Encrypted:false
    SSDEEP:
    MD5:FE49707BC56E1E8D183E2CC12192143E
    SHA1:35AC5BFDA1BB9B33DACA10C5CB3CC8F7D5B6E535
    SHA-256:27B6940A51705998D6C34453B2FF11456FE983A81520E1A6A2848C4A52782065
    SHA-512:928D6BC001A765F7D54ABF9A220AED737104E3238459EE53A89DE78CAFA5244B1AF8F8043A5FD957EF393E12D0DBC883103442F364696C656105C7229BAD212E
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!......................... ...............................0.......,....@.........................0................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@................I...T...T...................d...........................$...........RSDS......<52.../}I.....api-ms-win-core-louserzation-obsolete-l1-2-0.pdb............T....rdata..T........rdata$zzzdbg...0........edata... ..`....rsrc$01....` .......rsrc$02.... .........<52.../}I..~d..p.3.f1.........................................X...................k...............&...e...................Q...................J...............................api-ms-win-core-louserzation-obsolete-l1-2-0

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-C4DKQ.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):76168
    Entropy (8bit):6.781149490150774
    Encrypted:false
    SSDEEP:
    MD5:87DD91C56BE82866BF96EF1666F30A99
    SHA1:3B78CB150110166DED8EA51FBDE8EA506F72AEAF
    SHA-256:49B0FD1751342C253CAC588DDA82EC08E4EF43CEBC5A9D80DEB7928109B90C4F
    SHA-512:58C3EC6761624D14C7C897D8D0842DBEAB200D445B4339905DAC8A3635D174CDFB7B237D338D2829BC6C602C47503120AF5BE0C7DE6ABF2E71C81726285E44D6
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ix..-...-...-....|./...$a..&...-.......h..>...h..8...h..1...h..,...hl.,...h..,...Rich-...................PE..L....._.........."!.........................................................@......{.....@A......................................... ...................#...0..x....#..8............................#..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc........ ......................@..@.reloc..x....0......................@..B........................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-DC0KH.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.789055013755198
    Encrypted:false
    SSDEEP:
    MD5:81533882FF1A2BEDF27D87F44984C387
    SHA1:B3ED2A21A8DE961E9072FC84FCB1B16C0F07AFEC
    SHA-256:A2E2C2F8CD2A8F1DC085147DFF936F399BA22DD040D996886EFC286432908D2F
    SHA-512:60B3FA6EFC04BD4AC2C731BDA9ECE34ED8FDF582B4990995CBC3F14C24AC86CBEAFA471CFC0A4E8626906361D11CE3C774E6AC97E0371F9057BD454CB239C12C
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...M.g............!......................... ...............................0......AG....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....M.g.........B...T...T.......M.g.........d...............M.g.........$...........RSDS...T..7?qV!.........api-ms-win-core-privateprofile-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ......T..7?qV!.....!?G)..~M....M.g.....M.g.....\...............H...P...X.......................api-ms-win-core-privateprofile-l1-1-1.dll.GetPrivateProfileSectionA.kernel32.GetPrivateProfileSectionA.WritePrivateProfileSectionW.kernel32.

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-DDQS8.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):16912
    Entropy (8bit):6.636126695662907
    Encrypted:false
    SSDEEP:
    MD5:CFBB1A13CB222D1B1DC759A1F1F6A582
    SHA1:7FAC3A747AF1FD6B54120E928904031EF160AED1
    SHA-256:920ED4F76EE53D4F813457E4FC95562054D1C12038C70FDBB4D0263C178AFC7C
    SHA-512:A82E007702EA82B3F5AA46BA0E4317C8E4516E58E8EA77EB2F9AA25E7C94E1687553D7B80F512E61E2AB3215BC4DF285767647AE8B4BA38887FD0688E9FEF28F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!.........................0...............................@.......I....@......................... ...I............0............... ..."..............T............................................................................text...i........................... ..`.rsrc........0......................@..@................<...T...T...................d...........................$...........RSDS._...p.o..k..Mh....api-ms-win-security-base-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ...I....edata...0..`....rsrc$01....`0.......rsrc$02.... ...._...p.o..k..Mh..'.m.....s.................................a...a...H.......P...B...q...........&...}.......)...\...............3...\...~...............>...o...............M...............1...t....... ...R...x.............../...V...w.......

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-DDUV9.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.783080365564218
    Encrypted:false
    SSDEEP:
    MD5:7A0B6A45D9EFDF3ADD47DC27C3589600
    SHA1:2BC2CE501B587BB708D539FCF79F6973305F2B32
    SHA-256:0B3340195714B12761F0DEC7204038DF0A1CAAB3B7D4ED29BEBC6B851DFF099C
    SHA-512:73585050F75DCD27B56E5F706997C749BFCF7370D067CBFD9DE3D314B839570BFAEB09009758843E898CB84687101E89295EC3758DD95F6299AC08D2C0FC65E0
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...ofq............!......................... ...............................0............@......................... ...+............ ..................."..............T............................................................................text...K........................... ..`.rsrc........ ......................@..@....ofq.........;...T...T.......ofq.........d...............ofq.........$...........RSDS)..!....`]'.X.6....api-ms-win-core-console-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg... ...+....edata... ..`....rsrc$01....` .......rsrc$02.... ...)..!....`]'.X.6...j.\b.@P..ofq.............ofq.....................H...............'...L...w...............:...g...................4...........=...d...............(...U...................&...............................api-ms-win-core-cons

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-E743S.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):14648
    Entropy (8bit):6.688193675416174
    Encrypted:false
    SSDEEP:
    MD5:97F5482C9C49139AA786C006309DA3CB
    SHA1:D4BA27D43CBBBA0B79065CEDD3862D05877F9F47
    SHA-256:CE3E4F16B07D6C6753DECD6C5F30AE75755D6BAF33F2A9551E98458EA427DB25
    SHA-512:FC1B3FA085138D90ECD99B29071E353ADB2647BC2ABE2AF22A0AF1F2C9C496D02B9624D256A0D710CFB6267FC16D96A703BCEDC34E4E3FAB5F0E0CA272353766
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!.........................0...............................@......we....@......................... ................0..................8!..............T............................................................................text...'........................... ..`.rsrc........0......................@..@................8...T...T...................d...........................$...........RSDS).,...L.Yv..`.....api-ms-win-core-file-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata...0..`....rsrc$01....`0.......rsrc$02.... ...).,...L.Yv..`...."..fw.E..............................6.......K...K...H...t.......f...................(...N...o.............../...q...............=...f...................B...k...............!...P...y...............,...]...................+...

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-EBS3T.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):12304
    Entropy (8bit):6.804441364839301
    Encrypted:false
    SSDEEP:
    MD5:C2523931BCAA528B13C373C576202DB3
    SHA1:D621DF54DA8AF34BFF0D2113B9054FDD920BB374
    SHA-256:09947397737DCAC66A01806A09DFB1944312A26B0A039E9577139CA4A48073B7
    SHA-512:A89DB67D71943045036D88F7FA1D7293081A380A632A12920076CA5308333A6ABA09311A1D0F5BB36E3AF600FC52A3332CA0CC4AAD0AD53A7FD39C1C8BFA12E2
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...jV.............!......................... ...............................0............@.........................0................ ..................."..............T............................................................................text... ........................... ..`.rsrc........ ......................@..@v...................jV..........8...d...d.......jV..........d...............jV..........$...........RSDS........'.s5/..d....api-ms-win-crt-conio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg...0........edata... ..`....rsrc$01....` .......rsrc$02.... ...........'.s5/..d.%3&m...;\..jV..................jV......................X.......H...........4...n...........#..._...............................=...\...|.......................=...\...|...............................W...........

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-F237R.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):15880
    Entropy (8bit):6.607364037344768
    Encrypted:false
    SSDEEP:
    MD5:29B1BA1EC35CED475845FFBFA91814DA
    SHA1:A2BFF0C969EE63A7F384211FAA31C84FFA456158
    SHA-256:F3765538783C9D9FD2A14560BEC60145B846EB093EA531024CBAF21E1BF9A037
    SHA-512:1C0C4B8EAE6F62A37644D80AB3CC6A2D0E7F9B01AE6BE3D2BE7FC99AE4EA9F922EEB87DCAB3EE02E7964C047E34708489AF5DC290D6C0A927A37172B423D0789
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....2.O...........!.........................0...............................@.......r....@.........................0................0..................."..............T............................................................................text............................... ..`.rsrc........0......................@..@v....................2.O........:...d...d........2.O........d................2.O........$...........RSDS.:.....1../..$.*....api-ms-win-crt-runtime-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg...0........edata...0..`....rsrc$01....`0.......rsrc$02.... ....:.....1../..$.*j`Y..+J......2.O.............2.O............k...k...X...........................6...T...s.......................>...e.......................+...I...n.......................F...e...................&...G...d...

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-F54EF.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.810884032514255
    Encrypted:false
    SSDEEP:
    MD5:7113782A850F458BD8AB0F806605C938
    SHA1:85C53D397C433FBDCE6BD93754ABB88F9B095B19
    SHA-256:D7DABFA8B1F3D75719772E53D71C4F877B987234D6458FBDA6EB49BB7AA5827F
    SHA-512:4391A48443F0CDE54C092060CDCB7C1E0FD80F9DBE02CA225F0DA07448667EAEB26E0D99408BFEC01103947CD2A05798004B61AF535FA8895A930EF03D8DA62F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....8............!......................... ...............................0......m.....@......................... ................ ..................."..............T............................................................................text...<........................... ..`.rsrc........ ......................@..@......8.........;...T...T.........8.........d.................8.........$...........RSDS..6..wA.c.f@..=....api-ms-win-service-core-l1-1-1.pdb..........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .....6..wA.c.f@..=....I.x.}Qm..8...............8.....f...............H...T...`.................................api-ms-win-service-core-l1-1-1.dll.EnumDependentServicesW.advapi32.EnumDependentServicesW.EnumServicesStatusExW.advapi32.EnumServi

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-FIL7C.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):12296
    Entropy (8bit):6.756042231550701
    Encrypted:false
    SSDEEP:
    MD5:4EBEAF6377B940AE73D44265AC0281E1
    SHA1:93D1190966BC347E8AC091737FDF1D8444AE95E4
    SHA-256:AB4753FA5825FB9B028A75B2C4D49E9C476DD1267E2F6F9D9C2317B6FA41D609
    SHA-512:A0B5EC87B60FBB72AB4FDBEDE228EE1900D179CC056AC67A5B46190BC008A05DD662DAED28DCF94CB90D8CC954A3249F52BC20A6C49AD32A1AD97ACDAABAED45
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.................!......................... ...............................0......[.....@.........................0................ ..................."..............T............................................................................text...F........................... ..`.rsrc........ ......................@..@v..............................7...d...d..................d..........................$...........RSDSa;PZ.1......."......api-ms-win-crt-heap-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg...0........edata... ..`....rsrc$01....` .......rsrc$02.... ...a;PZ.1......."..f.p.r.7....C..........................f...............X.......0...................I...................'...E...a...........................@...l...........................5...................1...j...............

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-GBV4Q.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):10768
    Entropy (8bit):6.972236503678306
    Encrypted:false
    SSDEEP:
    MD5:072A6F3AE231DEA295EBED9E00870B51
    SHA1:3C3B19C18AE955100BC1068016B8945D4C2CBB08
    SHA-256:247CFE0E970EECDD3CB6079901A95073E0C7FDA5AD423F1A101CA4D61C33E20E
    SHA-512:7A93475A3C48DB28F7C36102FC8965626C6FCD7DFC79C67E8927FE2E1F35AC977EF77628E1642474AE801BAE58659D0759CB175DE60D3D1AF2F52D143032625E
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....!.............!......................... ...............................0......sJ....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....!..........@...T...T........!..........d................!..........$...........RSDS.DM..;..CiF.........API-MS-Win-Eventing-Consumer-L1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ....DM..;..CiF.....Il.> w.c...P.!...........!......f...............H...T...`.................................api-ms-win-eventing-consumer-l1-1-0.dll.CloseTrace.advapi32.CloseTrace.OpenTraceW.advapi32.OpenTraceW.ProcessTrace.advapi32.Proces

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-GQLAS.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.845872292429088
    Encrypted:false
    SSDEEP:
    MD5:CEF2075613E1DECC3A573793A7996BF1
    SHA1:802B27233D741FE5779CE5A0CD2E9D9B2240E583
    SHA-256:8B2B61FF3183F21B502AD41A4D7FD6B40DEA38D7E65B62E90A35E933B2CE797E
    SHA-512:157D0129F6D1A17F634EACF61B7E3AB0BB38816D18618150D9278FD39ADEDB09338822699BD5774A2836C9B6D355EA0BAC2824B78CDC1EB688C265AA23872C79
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L......I...........!......................... ...............................0.......H....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.......I........B...T...T..........I........d..................I........$...........RSDS...W..w. ..v-.......api-ms-win-core-processthreads-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ......W..w. ..v-.......Q.c.w/.Y...I.......I....................H...............M...............B...w...............>...n...............3...p...........'...f...............2...S.......................................api-ms-win-core-proc

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-GSI34.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.904931339446621
    Encrypted:false
    SSDEEP:
    MD5:5AF90447CB314B04350F18C10A4A36BE
    SHA1:3998DC0294E962E070E1B32DE0DDAAF7B0A722B7
    SHA-256:B3B63C5BA142093E8F1AFADCDD2972B57633011B795DF6A8B75EF3B28C6EC8D6
    SHA-512:F38CDF192F58EC5B3662EACBC0FD643E6A67ACCA5DF3BB6E2F1A505270755EB158D3772FA5A84354D03F2AED1F91ED8B79AEE958582B653A78368F7C93AEBD0D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....."...........!......................... ...............................0......g ....@.........................0................ ..................."..............T............................................................................text...9........................... ..`.rsrc........ ......................@..@......"........G...T...T........."........d................."........$...........RSDS0,;..2s.l......Z....API-MS-Win-Eventing-ClassicProvider-L1-1-0.pdb..........T....rdata..T........rdata$zzzdbg...0........edata... ..`....rsrc$01....` .......rsrc$02.... ...0,;..2s.l......Z..$..p^..i<..".................."....................X...x...............N...............................9...l...................................api-ms-win-eventing-classicprovider-l1-1-0.dll.GetTraceEnableFla

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-GTJ3V.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):166792
    Entropy (8bit):6.8002782588205966
    Encrypted:false
    SSDEEP:
    MD5:79F7F9901176F90A6F9F45C406335286
    SHA1:5A425B3CBE73C8BDF5593D9387B9EF3B52AC8C25
    SHA-256:5E04C86E1EA8D79F2C1B52E4DECEEEF5785EB67375699F60609FEEDF59F13AB1
    SHA-512:A03A2C63AA37451EECBC67D0492D53FE5A057414C3FC75A64C8D6B303D30C2A1DA46C84BF9549B6E937EF07A01857CC3F2784F816F187E6C7AA59DC890CCB505
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........2.Y.\.Y.\.Y.\..D..[.\.P..U.\..X.R.\.._.[.\.Y.].=.\..].\.\..Y.J.\..\.X.\...X.\..^.X.\.RichY.\.........PE..L...._.........."!.....,...<...............@.......................................-....@A.........................4..@....Q.......`...............h...#...p..H....\..8............................\..@............P...............................text....*.......,.................. ..`.data...(....@.......0..............@....idata..`....P.......8..............@..@.rsrc........`.......F..............@..@.reloc..H....p.......J..............@..B........................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-HENGA.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):10768
    Entropy (8bit):6.9530674956515925
    Encrypted:false
    SSDEEP:
    MD5:2626E9D27E4B31E24631718849753590
    SHA1:6FEDFC59587C2E6C328C8369065294AABD626789
    SHA-256:15B53770A0A865FA0EE9C5018D694C69458C8B31AC486AD7C98B50632EE044D1
    SHA-512:688ECFBD542E56C1E755C96985B3C80B10D17145D7C4DEA5407555E4B7E2742F7848FB6189FD1A25C8C23EB73970F79C9ECAC62FFEB5A9234ACA5897636D8C3A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....+Y............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....+Y.........A...T...T........+Y.........d................+Y.........$...........RSDS....,.lu`F.Unct.....api-ms-win-security-lsalookup-l2-1-1.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .......,.lu`F.Unct.Xu.....j.`.+Y......+Y.....R...............H...L...P.......{.....api-ms-win-security-lsalookup-l2-1-1.dll.LsaManageSidNameMapping.advapi32.LsaManageSidNameMapping.....................................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-HLK4M.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.855963835847842
    Encrypted:false
    SSDEEP:
    MD5:23350C4A2B9189E78F8E2FB77A26EF21
    SHA1:B0908136A598F12226BE872243FFE92275E5CC03
    SHA-256:3BE94D686458B00D0F9B51976EE90297171AEA64B8A517E3A9D2AD9353E8F4CE
    SHA-512:F4FC4F1C2205ACFD75CBFB7F134EBE6B05720EF20A9FC2C6135B8EE300EF4483EFE3F466898CC85AD916545287AD3C446E2DF6B6C3FFF5781A0C59C200EE2639
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...jc.#...........!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....jc.#........@...T...T.......jc.#........d...............jc.#........$...........RSDS....N..;.....)f.....api-ms-win-security-provider-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .......N..;.....)f....Ng..w...gjc.#........jc.#....................H...`...x...........0...Z................... ...I...t...................api-ms-win-security-provider-l1-1-0.dll.GetExplicitEntriesFromAclW.advapi32.GetExplicitEntriesFromAc

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-HN243.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):10760
    Entropy (8bit):6.9373599706437385
    Encrypted:false
    SSDEEP:
    MD5:2D7173933869C5097769F139BA0A554A
    SHA1:4654094E907AE9280F7A46ADF8C3D1BF25C0A3D4
    SHA-256:B0E2261FC4DECAD29F396A93527D00A2EDE46E2647566B67237EE1164B7C3881
    SHA-512:C5484E3A32DB7849277E509B6966C77FE2448B95877162E4A79706BDB8104D77F411E61AF400F800F61A7C693E98F144C5C89EFBB53516E4331B0D54D41B2DE5
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....o.............!......................... ...............................0............@......................... ...u............ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....o..........8...T...T........o..........d................o..........$...........RSDS2f."...cg.s...g....api-ms-win-core-file-l2-1-1.pdb.........T....rdata..T........rdata$zzzdbg... ...u....edata... ..`....rsrc$01....` .......rsrc$02.... ...2f."...cg.s...g...8....,.o.o...................o......R...............H...L...P.......r.....api-ms-win-core-file-l2-1-1.dll.OpenFileById.kernel32.OpenFileById....................................................................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-J35ES.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.874077618789601
    Encrypted:false
    SSDEEP:
    MD5:444BFD95094ADF70CCC225EE5EF5F70F
    SHA1:85C7220797AC14B641AA819DC546CE174949D5D3
    SHA-256:0E60481CC4AC0EA1C5358C22C68F9E23DE009EDBE5EA8429236915A62D119ACB
    SHA-512:6B435C2D9E3486296CE748AA7C54F03121565D083647CC643678AFAEAE5C2840CEAA95D5B007B9EF7E73DC680AD379920E5900264A002BEC8F78989C2C3619D6
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...1..............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....1...........:...T...T.......1...........d...............1...........$...........RSDSL.p$...+.;;...q....API-MS-Win-Core-String-L2-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...L.p$...+.;;...q....&!..c<.t1...............1.......................H...p...................5...U...v...............................+...F...k.......................................api-ms-win-core-string-l2-1-0.dll.CharLowerBuffW.user32.Char

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-J422F.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11272
    Entropy (8bit):6.808669488804241
    Encrypted:false
    SSDEEP:
    MD5:3884A3DFCE42AFD1CC4B217CBDA8FA95
    SHA1:0CA8C9E06E40EFEB8FE7F48F7D786B869217560F
    SHA-256:9090B7D4B9E307E124D5744B2E579BED88B53B870F62E761766DB41217675D36
    SHA-512:6329ECC6178669E8259080DC4CEF869238306007C1672F4CC7E7022AF8CF789C0FA4526D3C396C1B77FD34A36EA88D44348E8B105314CE7F20EA22BF8191D145
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...D..............!......................... ...............................0...........@......................... ................ ..................."..............T............................................................................text...:........................... ..`.rsrc........ ......................@..@....D...........9...T...T.......D...........d...............D...........$...........RSDS........m}..Q;S.....api-ms-win-core-wow64-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...........m}..Q;S.F.U........D...............D.......f...............H...T...`.................................api-ms-win-core-wow64-l1-1-0.dll.IsWow64Process.kernel32.IsWow64Process.Wow64DisableWow64FsRedirection.kernel32.Wow64DisableWow64F

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-J6E0V.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.80705179866883
    Encrypted:false
    SSDEEP:
    MD5:FCD1C95C0852671F08488A2220516C8F
    SHA1:DE622679B6B1A0D3945F105B10502AD70ADEF108
    SHA-256:7057CF9CDE917D987D16A835406CDF699593FBD6C4D20BFD8C0F08DB7C11F058
    SHA-512:78794EEFD0DE57D29FCC3041A6FC8D296D87E564C96B0FB80AB48965C2F1124E35363D3831B3043F12C66B4EC8EFD4BD0039096DB42837892C590C4C4230B8FE
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...W.`&...........!......................... ...............................0.......+....@......................... ...X............ ..................."..............T............................................................................text...x........................... ..`.rsrc........ ......................@..@....W.`&........<...T...T.......W.`&........d...............W.`&........$...........RSDS.ls.=@^.T.D.."d.....api-ms-win-shcore-stream-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ...X....edata... ..`....rsrc$01....` .......rsrc$02.... ....ls.=@^.T.D.."d......4s.a..W.`&............W.`&....................H...............1...V...|...................D...y...............5..._.......$...F...n.......................b...............$...N.................................api-ms-win

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-JQ9T3.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.791745664624081
    Encrypted:false
    SSDEEP:
    MD5:D5D66D3EC243B8D528DEC68D3E898DA8
    SHA1:8862B71AFF701B9B9FEF790E0050751FAFD86D2D
    SHA-256:390ECCE204994C264616590DAA63211E820C10186D357CBAC7E17D4BDC971861
    SHA-512:DF78B03AA4681BF847CA6D50676934FEC205A3DB0C99218E17EC37EB675AB0D984386950803E6359782C7084FDD33BE8589A78B4EC990AE5DBE5FE2DE14D9B4A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....#...........!......................... ...............................0......_.....@......................... ................ ..................."..............T............................................................................text...4........................... ..`.rsrc........ ......................@..@......#........?...T...T.........#........d.................#........$...........RSDS. ^.J..I..P.s{o....api-ms-win-core-interlocked-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .... ^.J..I..P.s{o].5...asF...#..........#....................H...t...........+...l...............A...u...................Q...................+...`.....................................api-ms-win-core-interlocked-l1-1-0.dll.InitializeS

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-K5OLE.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.8671970488084
    Encrypted:false
    SSDEEP:
    MD5:F9D19707C89F815916331AAA71B76539
    SHA1:9F51FEC20E752967C9993D169C78C28D60DEA6BD
    SHA-256:4EA3735ED1F0187F20584EED66C5D0D7AF74487DD840179BEBD691A9BB407DC9
    SHA-512:E27E5398617E3C4813433D0A7B98B8D0B7D78315440E7ACEE58A02F920E9A9580AB67CD65F936E364D3C74B588B2212435A661C0399AFBB77C46AC88CFC74F5B
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....\............!......................... ...............................0......y.....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@......\.........<...T...T.........\.........d.................\.........$...........RSDSAkE......z........api-ms-win-security-sddl-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...AkE......z......)...ri.QR@..\...............\.....p...............H...X...h...........s...............>...............api-ms-win-security-sddl-l1-1-0.dll.ConvertSecurityDescriptorToStringSecurityDescriptorW.advapi32.ConvertSecurityDescrip

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-KH558.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):10792
    Entropy (8bit):6.951823742316906
    Encrypted:false
    SSDEEP:
    MD5:29D3E67B34477B9EDE09D19BD9B5FBD4
    SHA1:3104DC7CCFAD02DF332BA5E38A2311890E70AD8A
    SHA-256:1C1DD6FFBF229E1DF5709B2F0E3B68145D84031BD999BACA698632D337D608BC
    SHA-512:ACB3DBCDD814D52CF918F4D35DB1FCE1C0A262FF727DFB6CFE0496A8C886AF6B3FF847FA81762625181A8ACB456889FD02D21F364E05467EF6BF2991D314ED0C
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....0K...........!......................... ...............................0............@......................... ................ ..................("..............T............................................................................text............................... ..`.rsrc........ ......................@..@......0K........@...T...T.........0K........d.................0K........$...........RSDS...@..y.....\!pb....api-ms-win-core-louserzation-l1-2-1.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ......@..y.....\!pb..."..|F......0K..........0K....R...............H...L...P.......z.....api-ms-win-core-louserzation-l1-2-1.dll.EnumSystemLocalesEx.kernel32.EnumSystemLocalesEx..............................................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-KNACJ.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.789237027311262
    Encrypted:false
    SSDEEP:
    MD5:0E2BF1A4C8B1968FF8A4A1067300DB21
    SHA1:53CB33AB45D79BEE44661114A6E90F71440400BF
    SHA-256:F3366CC19D3BF6D5ECF93E753ED1432A02C74C6FB304F57762099086ED3D90F8
    SHA-512:290437CF09D3374AE8D714194C7C9BC9469291E3A6CB2957BB73B3F14CE55D7617EF00B46DC16E8260CCAE7942D04362FE3AA5C5B62B97AAA986986D7580DB2C
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...ZC.G...........!......................... ...............................0......A.....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....ZC.G........:...T...T.......ZC.G........d...............ZC.G........$...........RSDS.,.+O.{1.)...G......api-ms-win-core-fibers-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ....,.+O.{1.)...G..0....-.m...sZC.G............ZC.G....p...............H...X...h...........................................api-ms-win-core-fibers-l1-1-0.dll.FlsAlloc.kernel32.FlsAlloc.FlsFree.kernel32.FlsFree.FlsGetValue.kernel32.FlsGetValue.F

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-LRJJ4.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):12304
    Entropy (8bit):6.76920384034843
    Encrypted:false
    SSDEEP:
    MD5:4B594A356676EB6BD34BE923241BE632
    SHA1:794DEB1ECD0161BD3382ECC63C3EB89322032D90
    SHA-256:D623C42764AF9D1F0927EBDC90B46D12C1F66397FA712460AA0C80080D1CAEB0
    SHA-512:9049AC45D41A240ED62E48277184B063394B89EB049F7A9AB57E6A31938B928FD77E442E64E9EE76F781541546665097395049E7CB44A331FCCB8BA89662CCC0
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....n.'...........!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....n.'........A...T...T........n.'........d................n.'........$...........RSDS..,.F=8..i..#.......api-ms-win-core-libraryloader-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .....,.F=8..i..#...;"...x}.z.'.n.'.....n.'....................H...........g...................M...|...................]...................&...H...g...................W...................4...o...................J...y...................

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-MRJTF.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11304
    Entropy (8bit):6.878866288047716
    Encrypted:false
    SSDEEP:
    MD5:5A4E5F8857BF51C43C7F3F35C126B8DB
    SHA1:3281190E1164D353C0E79A08B1416FBD1427651B
    SHA-256:347B90BBC092A4B2295FDE35EC415B20E65835ABAD497F62D81829730806B324
    SHA-512:E3A6AE2740883CBA0BF5E26F631E6E8361A1CA30AFF23D5FC5F9F31EAAC69AA321328674473F67F66159660EA0F3CADA550D65FF192E1BD83D6611258C77A2EE
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....I............!......................... ...............................0.......>....@.........................0................ ..................("..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....I.........E...T...T........I.........d................I.........$...........RSDS..m=ak.....h........api-ms-win-core-threadpool-legacy-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg...0........edata... ..`....rsrc$01....` .......rsrc$02.... .....m=ak.....h....24R/~...E[...I..................I.....................X...t...............A...s.......................+...`.............................api-ms-win-core-threadpool-legacy-l1-1-0.dll.ChangeTimerQueueTimer.kernel3

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-NHJKQ.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11296
    Entropy (8bit):6.803540820159747
    Encrypted:false
    SSDEEP:
    MD5:549E6D151EFF109A9575BEE0CBD3A6C9
    SHA1:37B793F1CFE889FD44555A873F01736A6027A682
    SHA-256:E8A95E217CC9C7FF52F9541C43DD8F56D2F7FA09FCD3BD7CA0ACBA0612836076
    SHA-512:BEEE8F9A1FC57CD2746F1999C635BE5FD3EB18EF79832FB200F63D5CCE78EA7DCD551CDB94BD9493650BC3450EA337074526954FE9F606CCD16717E9478A2815
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...}.............!......................... ...............................0......rU....@......................... ................ .................. "..............T............................................................................text...0........................... ..`.rsrc........ ......................@..@....}..........<...T...T.......}..........d...............}..........$...........RSDS...W`.3!..%..0....api-ms-win-core-datetime-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ......W`.3!..%..0..<.m../@...}..............}......p...............H...X...h...........................................api-ms-win-core-datetime-l1-1-0.dll.GetDateFormatA.kernel32.GetDateFormatA.GetDateFormatW.kernel32.GetDateFormatW.GetTim

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-NJRSC.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.889287332854019
    Encrypted:false
    SSDEEP:
    MD5:C9EF0BBCEA4C7E2EE35A302ADAF6D9E2
    SHA1:D053A1159B9640DA6E9CD52AFAAFC5FB65C58A3E
    SHA-256:43ECD8AAFB4AF6308E0181052BC70177CD22FB5A23B459BCFE2B6C4192F263A0
    SHA-512:6F88B595132172CF7B8C939C3228375D11339793C9769E88F696A208ECDAC2342A070B6A0EFA211478F81B46ABE7D7D3C3A31CE6DB0B9B5CE040766FE04BE630
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...\@,............!......................... ...............................0............@......................... ...v............ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....\@,.........9...T...T.......\@,.........d...............\@,.........$...........RSDS......4.>{{..S.u....api-ms-win-core-synch-l1-2-0.pdb............T....rdata..T........rdata$zzzdbg... ...v....edata... ..`....rsrc$01....` .......rsrc$02.... .........4.>{{..S.usFA..a...c./\@,.............\@,.....................H...........0...r...............?...w...............F...................D...w.......V...............,...[...............-...h...............0...a...........................

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-O55NU.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11784
    Entropy (8bit):6.868998295126856
    Encrypted:false
    SSDEEP:
    MD5:B076CE111D5DCD734764E8F7DCBFB6DC
    SHA1:09A13ACF64769097957B0B472FC216F4E28D23EF
    SHA-256:21630A577940D4F765BD337A0AA3D579885D703A5CC57A56DC92FAF549873A6A
    SHA-512:89DB9AF6A517DF7592948A3C73C5484C789613617DF09ACDCDE31D81683E1DB2ABECACAC90C50F0B7DEA7058DB9B8D2DFBCCABCD0986E2335A66D4B3EFD9DCFA
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....B.............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text.../........................... ..`.rsrc........ ......................@..@.....B..........D...T...T........B..........d................B..........$...........RSDSI...V.O...E.W9Z>....API-MS-Win-Core-Kernel32-Private-L1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...I...V.O...E.W9Z>t..Nc.Q.!~...B.......B......................H...........1...\...................l...........2...v...............................M...t...............T...............X...................................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-O6F2S.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11272
    Entropy (8bit):6.940519579298329
    Encrypted:false
    SSDEEP:
    MD5:0A2F5A92F48D5AF46952C53E84EA2813
    SHA1:806D17DE64E801A826E43B6A0BC2FA4493CF87FA
    SHA-256:0A2E0B47370EC858936024B8B0A7699165E643E918E7F872D4BA56891C7C57D5
    SHA-512:205DFA5D733AE0ABB0A7C34BB26A0F999FC74227CABBA8658D801724CB0E9B98C2AF289A4FB2FFF1CD8EF9F98D9EAC6522C8106F68392CBBA8099837FB9B536C
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.................!......................... ...............................0......;.....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@...............A...T...T..................d..........................$...........RSDS..g...L.)..*...<....api-ms-win-core-heap-obsolete-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .....g...L.)..*...<.1..s..H.................................H...............4...T...u.......................;...Y...v...................(...I...h.......................0...O...l.............................................api-ms-win

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-OVEKC.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.881271310240103
    Encrypted:false
    SSDEEP:
    MD5:3003277A51A8F898846F1F3245FF759D
    SHA1:B151A1BF1A22CC37F32E13B61F94FAD34F245206
    SHA-256:E770B846428581DE9A83C3D8E95EC82F80272100F26EEA0DB66618100F79673F
    SHA-512:08BFA0BA39C556693D3D725DEB90B603E6E41F27708F70C29BF42376FD2056F42302ED303732288231BF2CA0C9E5D2BEE3569C9DA8C464335FA2681878E5B50E
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....V............!......................... ...............................0......-x....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@......V.........A...T...T.........V.........d.................V.........$...........RSDS....`..M'...,.......api-ms-win-core-libraryloader-l1-1-1.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .......`..M'...,....i^=..`.l.t..V.......V.....................H...`...x...........8...k...................#...V.......................api-ms-win-core-libraryloader-l1-1-1.dll.EnumResourceLanguagesExA.kernel32.EnumResourceLanguagesExA.

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-PEVQJ.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):12328
    Entropy (8bit):6.878262395693804
    Encrypted:false
    SSDEEP:
    MD5:21B2EA7453CAEB11F234DFD2BB620CE0
    SHA1:AD9BF289777F64DBE4AA0D57009D9F6C328C2338
    SHA-256:A9C8E23E5C9D087350B42CC75925164A388F917BB971393362EBD813696CC23E
    SHA-512:3D1A562C7C089AF870B0FEBB97E9346F18707C40BF24ADB3D2B71F9D900FD70335F500CD81D4F3CB7BD2356BBC4D7BF88AFC9A0A804D3D8D80CD4F2C603B27FE
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....}............!......................... ...............................0............@......................... ...{............ ..................("..............T............................................................................text............................... ..`.rsrc........ ......................@..@......}.........=...T...T.........}.........d.................}.........$...........RSDS^........b.. .......api-ms-win-service-winsvc-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ...{....edata... ..`....rsrc$01....` .......rsrc$02.... ...^........b.. ...w..N..2.`M....}...........}.....L...............H...........................<...j...........#...Y...................2...m..............."...R...............C...v...q...............-...T...............B...y...............

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-PTTR1.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):10768
    Entropy (8bit):6.958594361879843
    Encrypted:false
    SSDEEP:
    MD5:670C2A82F2D14EEC3636D8A9BD495AE8
    SHA1:9455D5DD1A25F8ABC5ED88AFDA767D7BA2826E92
    SHA-256:21E3D5114E0E9F881C6B97FF810D199A566EBFC8B60BC2C68FCC31E1D96267FD
    SHA-512:3F4F81CD168AD421F1E3D7AAAA2F109EAE1E1AE452885AC1BFA4D51CA06CC64F72AEABAE92DCEFBF8EE4163020F9D98D2195F67062E9D619C7A8798C77EDAAE5
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..._.Z............!......................... ...............................0......JR....@.........................0................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@...._.Z.........F...T...T......._.Z.........d..............._.Z.........$...........RSDS.p...!....y.*.O.....api-ms-win-core-threadpool-private-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg...0........edata... ..`....rsrc$01....` .......rsrc$02.... ....p...!....y.*.O....[X.}~/..I_.Z................._.Z.....b...............X...\...`.............api-ms-win-core-threadpool-private-l1-1-0.dll.RegisterWaitForSingleObjectEx.kernel32.RegisterWaitForSingleObjectEx....................

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-Q260F.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):15368
    Entropy (8bit):6.575630607531005
    Encrypted:false
    SSDEEP:
    MD5:DF8A1C7C86B0FC15A09068DF07C39402
    SHA1:8B5B1B38AD95CDA62C32B906FB322FC7B464C86F
    SHA-256:5E995DA1D99B4C83A31104E422AD6D391C89FC3B768E265DBCAD63D1453E1338
    SHA-512:FD675C18ED8272370E4E518699B1D23C2251887902D9AEA1416D2F8C3010DA114F279D85AA30D0977D2C36249FB623E1B23FE7D9B7D18634B6487C73CC14CD5B
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!.........................0...............................@.......Z....@.........................0................0..................."..............T............................................................................text............................... ..`.rsrc........0......................@..@v...............................:...d...d...................d...........................$...........RSDS.1.....5..MD....api-ms-win-crt-convert-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg...0........edata...0..`....rsrc$01....`0.......rsrc$02.... ....1.....5..MD T=...Z.9.X.................................z...z...X...@...(...H...c...~...........................7...Q...n.............................../...J...e...............................#...:...U...r...............

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-S8JMT.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):10792
    Entropy (8bit):6.942410511558376
    Encrypted:false
    SSDEEP:
    MD5:0851AD51663C9CE9E878CCFB321E4DB7
    SHA1:8E55BEF22145614E90C8F173125F94886D0D6AF7
    SHA-256:38AD9FFF769EA035B34EE293F3D7EBBA0979D9664D7D67C156F23767A9DCA2AF
    SHA-512:995D84CF16C261E9BC80D99836EF5E8B64F20424F8CB8CA3FC2DDB75F49F10D37365E4BCEB6E8510D641634F73F3B819FE8B040D7A4953686B4B87DBAF375539
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....3.j...........!......................... ...............................0.......%....@......................... ...w............ ..................("..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....3.j........8...T...T........3.j........d................3.j........$...........RSDS....K.... UP!.!....API-MS-Win-Base-Util-L1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ...w....edata... ..`....rsrc$01....` .......rsrc$02.... .......K.... UP!.!.wGk@.....7*.3.j.................3.j....R...............H...L...P.......r.....api-ms-win-base-util-l1-1-0.dll.IsTextUnicode.advapi32.IsTextUnicode..................................................................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-SNI07.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):21384
    Entropy (8bit):6.475042333263985
    Encrypted:false
    SSDEEP:
    MD5:8D7F05E7F0B3FF4A4FFF6DEA96530C4B
    SHA1:C63B270DBBF53318F7DB5C980D6B0A62C6DBDE49
    SHA-256:83CFB5FDFBB874DBE0AC3746838B79B227E6CAE8015ED9B3F9F2BA350D70476E
    SHA-512:08DAC7BD468B8923A4D99F0717A3F94A6AE6A169F3ED09D27D1DE3C3E8C8057A92F5A16DAEB24C56B4F432C9E2ED5CC87BCEF2657E311343629478254B8FBF5A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........K...%..%..%.8i...%....%.2.!..%.2.&..%..$..%.2.$..%.2. ..%.2.%..%.2....%.2.'..%.Rich..%.........................PE..L...._.........."!................p........0...............................p............@A.........................*..J....@..x....P...............0...#...`..p...X...8...............................@............@...............................text...J........................... ..`.data...8....0....... ..............@....idata.......@......."..............@..@.rsrc........P.......(..............@..@.reloc..p....`.......,..............@..B........................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-ST47B.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11304
    Entropy (8bit):6.828033710511504
    Encrypted:false
    SSDEEP:
    MD5:E925820E2EE921CEE60823F374CADCB2
    SHA1:B5D925E0270B362EC3CE223AFE47957A8B9E7D28
    SHA-256:2136AE5A056CD418A427DC28B55D77CC59D64ACBBC495BDF116835650EF9051B
    SHA-512:6DCAFAADCBE8BC46467A2A7550B890ED5B490B151E105D046348F35FCEDA740378F0D3D652509ED0EADC26EDE7D255F5885552B9B709E6AA90C083F2F21D5711
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....ARo...........!......................... ...............................0......Xc....@......................... ...L............ ..................("..............T............................................................................text...l........................... ..`.rsrc........ ......................@..@.....ARo........8...T...T........ARo........d................ARo........$...........RSDS...+A<...s.O.....api-ms-win-core-file-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg... ...L....edata... ..`....rsrc$01....` .......rsrc$02.... ......+A<...s.O.&...x)=.ro2.ARo.................ARo....p...............H...X...h...............B...............!...........api-ms-win-core-file-l1-2-0.dll.CreateFile2.kernel32.CreateFile2.GetTempPathW.kernel32.GetTempPathW.GetVolumeNameForVolu

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-SUDDL.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):13320
    Entropy (8bit):6.7346003773252
    Encrypted:false
    SSDEEP:
    MD5:2B09AA14F29816B79ED7D90A653F69D4
    SHA1:C26E72BEB0B34F47BAB6D2C9F7B8EB2F37735331
    SHA-256:9D430378C45FE71B58EEE84C5023CB66063410EDC650BB2821FE4A422F9ADE9C
    SHA-512:8660CB282D9E700ECB11ACF056BBD5FEF22A8F751AD49E7260B7D9089BA092EAAE95A6DDB4C346370820FD645D794EA787830B417CA5B2012B1F008A05AE9255
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...F..~...........!......................... ...............................0............@......................... ...v............ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....F..~........D...T...T.......F..~........d...............F..~........$...........RSDS..I.&.C/.ob........api-ms-win-core-shlwapi-obsolete-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ...v....edata... ..`....rsrc$01....` .......rsrc$02.... .....I.&.C/.ob....%.K(..4.NqF..~....F..~............=...=...H...<...0...........+...F...b...}.......................+...F...a...z...........................?...Z...v...........................7...R...n.......................#...=...

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-T9BJK.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):1048688
    Entropy (8bit):6.737322503059076
    Encrypted:false
    SSDEEP:
    MD5:64EAB3C25F01AE51CE7B7A2E33B18B89
    SHA1:8C872A3C8F2F9C283CF39ACC36FD22DEFE15A719
    SHA-256:BF288959DBDBC3367941053E399CE749F21BD36FA760278AFD773C26F88D8188
    SHA-512:AD4DA2519991732CB4B24AFB10EA3BE73B20EB9F39A4F65340DB171370C24FA1DFE7C55CB7888DBAE9B57B60E18775602890590ABBAC5AA2DA371E3653899366
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........&`..H3..H3..H3..K2..H3..M2".H35.L2..H35.K2..H3..L2..H3..M2..H3..L2..H35.M2..H3..I2..H3..I3F.H3..M2..H3..H2..H3..3..H3..J2..H3Rich..H3........................PE..L....M%`...........!.........................................................`......|.....@..........................W.......X...........p..............p............[..T....................]...... \..@............................................text............................... ..`.rdata...y.......z..................@..@.data....q...p...>...X..............@....dbld0..............................`..`.reloc..............................@..@.rsrc....p.......r...t..............@..@................................................................................................................................................................................................................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-U4KRV.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.804352482684347
    Encrypted:false
    SSDEEP:
    MD5:D8DFEABB9BC470DABAF136383D7D58AA
    SHA1:4B9D2337E5F75BAD9D2175E7D954B744A91B49BF
    SHA-256:CC5C8A1E2783B6D356976D4B72BA49DFDDBDD49CDCB05DA250FF1CA192323D00
    SHA-512:D1124F984BAD0ABF2F281CD9061C227FEDC651946B49BCDEFB08ED7A2DEC30E045B8B936E5F1CD2BA5CB5986EE0FBACD0A92E4BC0B8BCCD53860E1D4B6113C2C
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.................!......................... ...............................0......x.....@......................... ...C............ ..................."..............T............................................................................text...c........................... ..`.rsrc........ ......................@..@...............:...T...T..................d..........................$...........RSDS.~.M...~.W...vY.....api-ms-win-core-memory-l1-1-2.pdb...........T....rdata..T........rdata$zzzdbg... ...C....edata... ..`....rsrc$01....` .......rsrc$02.... ....~.M...~.W...vY....:.$....{......................................H...t...........3...o...........&...W...............G...........Z...............D...s...........4.........................api-ms-win-core-memory-l1-1-2.dll.AllocateUserPhys

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-VDCES.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11784
    Entropy (8bit):6.873156855812692
    Encrypted:false
    SSDEEP:
    MD5:7EE56514A0E5DED5B6A14524018099F2
    SHA1:0B2BA6827FE5D563DA186E99B0E46D41C5C9B4F8
    SHA-256:E8080F727B61E5B0997560CA6F2BDF894A65C0666E1762EAAE4A8582FA84C40A
    SHA-512:434E6E4A01258B923C73888FCAE8A8AB60E51E3B551DF0B5CE9279CEAAA339CDFD76BAFDDCDC70AD4AAD64623D4352FFBFE8D7C591468D40BDD45D95BDFC6DB6
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...d.............!......................... ...............................0......7.....@.........................0...^............ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................d..........:...d...d.......d..........d...............d..........$...........RSDS.@.7..o..t.c.A.V....api-ms-win-crt-utility-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg...0...^....edata... ..`....rsrc$01....` .......rsrc$02.... ....@.7..o..t.c.A.V...1.v..{U.d..............d......................X.......H..............."...C...\...u...........................!...8...K...`...{...............................'...>...T...i.......................<...S...

    C:\Program Files (x86)\Topaz OFD\Warsaw\is-VJTAG.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):450944
    Entropy (8bit):6.636343034442733
    Encrypted:false
    SSDEEP:
    MD5:E0DD94AADA0B034B212DE071C33054DA
    SHA1:6C4F1B3F66D07BBCDCF41EB39B1480BB335EFCC8
    SHA-256:08442853F19CE4FF3ACAE37D87EAB33EF81C4C6DA62A3432D43253BA79842B64
    SHA-512:76C877056F448E5DAB820E990CC186BA886B2D331D689A99295AAFF31A63AADB941C2693B0BE98D53BD06CD8041A270EB82DDEDFBDE305CD9A85BCBE42FCF5A2
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........MfA.#5A.#5A.#5./.5C.#5H.5W.#5A."5..#5.."4B.#5..'4J.#5.. 4I.#5..&4.#5..#4@.#5...5@.#5..!4@.#5RichA.#5........................PE..L....._.........."!.....H...................`............................................@A........................@....................................#......4<...y..8............................x..@......................@....................text....F.......H.................. ..`.data....(...`.......L..............@....idata...............d..............@..@.didat..4............z..............@....rsrc................|..............@..@.reloc..4<.......>..................@..B................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\msvcp120.dll

    Download File
    Process:C:\Program Files\Topaz OFD\Warsaw\core.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):455328
    Entropy (8bit):6.698367093574994
    Encrypted:false
    SSDEEP:
    MD5:FD5CABBE52272BD76007B68186EBAF00
    SHA1:EFD1E306C1092C17F6944CC6BF9A1BFAD4D14613
    SHA-256:87C42CA155473E4E71857D03497C8CBC28FA8FF7F2C8D72E8A1F39B71078F608
    SHA-512:1563C8257D85274267089CD4AEAC0884A2A300FF17F84BDB64D567300543AA9CD57101D8408D0077B01A600DDF2E804F7890902C2590AF103D2C53FF03D9E4A5
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......o...+.N+.N+.N.3wN).N+.N..Nm.aN(.Nm.cN#.Nm.]N..Nm.\Ne.Nm.YN-.Nm.`N*.Nm.gN*.Nm.bN*.NRich+.N........................PE..L....|OR.........."!.........................0.......................................x....@..........................W..L...<...<........................>.......D...................................K..@...............<............................text...<........................... ..`.data....^...0...0... ..............@....idata...............P..............@..@.rsrc................j..............@..@.reloc...D.......F...n..............@..B........................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\msvcp140.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:E0DD94AADA0B034B212DE071C33054DA
    SHA1:6C4F1B3F66D07BBCDCF41EB39B1480BB335EFCC8
    SHA-256:08442853F19CE4FF3ACAE37D87EAB33EF81C4C6DA62A3432D43253BA79842B64
    SHA-512:76C877056F448E5DAB820E990CC186BA886B2D331D689A99295AAFF31A63AADB941C2693B0BE98D53BD06CD8041A270EB82DDEDFBDE305CD9A85BCBE42FCF5A2
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........MfA.#5A.#5A.#5./.5C.#5H.5W.#5A."5..#5.."4B.#5..'4J.#5.. 4I.#5..&4.#5..#4@.#5...5@.#5..!4@.#5RichA.#5........................PE..L....._.........."!.....H...................`............................................@A........................@....................................#......4<...y..8............................x..@......................@....................text....F.......H.................. ..`.data....(...`.......L..............@....idata...............d..............@..@.didat..4............z..............@....rsrc................|..............@..@.reloc..4<.......>..................@..B................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\msvcp140_1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:8D7F05E7F0B3FF4A4FFF6DEA96530C4B
    SHA1:C63B270DBBF53318F7DB5C980D6B0A62C6DBDE49
    SHA-256:83CFB5FDFBB874DBE0AC3746838B79B227E6CAE8015ED9B3F9F2BA350D70476E
    SHA-512:08DAC7BD468B8923A4D99F0717A3F94A6AE6A169F3ED09D27D1DE3C3E8C8057A92F5A16DAEB24C56B4F432C9E2ED5CC87BCEF2657E311343629478254B8FBF5A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........K...%..%..%.8i...%....%.2.!..%.2.&..%..$..%.2.$..%.2. ..%.2.%..%.2....%.2.'..%.Rich..%.........................PE..L...._.........."!................p........0...............................p............@A.........................*..J....@..x....P...............0...#...`..p...X...8...............................@............@...............................text...J........................... ..`.data...8....0....... ..............@....idata.......@......."..............@..@.rsrc........P.......(..............@..@.reloc..p....`.......,..............@..B........................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\msvcp140_2.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:79F7F9901176F90A6F9F45C406335286
    SHA1:5A425B3CBE73C8BDF5593D9387B9EF3B52AC8C25
    SHA-256:5E04C86E1EA8D79F2C1B52E4DECEEEF5785EB67375699F60609FEEDF59F13AB1
    SHA-512:A03A2C63AA37451EECBC67D0492D53FE5A057414C3FC75A64C8D6B303D30C2A1DA46C84BF9549B6E937EF07A01857CC3F2784F816F187E6C7AA59DC890CCB505
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........2.Y.\.Y.\.Y.\..D..[.\.P..U.\..X.R.\.._.[.\.Y.].=.\..].\.\..Y.J.\..\.X.\...X.\..^.X.\.RichY.\.........PE..L...._.........."!.....,...<...............@.......................................-....@A.........................4..@....Q.......`...............h...#...p..H....\..8............................\..@............P...............................text....*.......,.................. ..`.data...(....@.......0..............@....idata..`....P.......8..............@..@.rsrc........`.......F..............@..@.reloc..H....p.......J..............@..B........................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\msvcr120.dll

    Download File
    Process:C:\Program Files\Topaz OFD\Warsaw\core.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):970912
    Entropy (8bit):6.9649735952029515
    Encrypted:false
    SSDEEP:
    MD5:034CCADC1C073E4216E9466B720F9849
    SHA1:F19E9D8317161EDC7D3E963CC0FC46BD5E4A55A1
    SHA-256:86E39B5995AF0E042FCDAA85FE2AEFD7C9DDC7AD65E6327BD5E7058BC3AB615F
    SHA-512:5F11EF92D936669EE834A5CEF5C7D0E7703BF05D03DC4F09B9DCFE048D7D5ADFAAB6A9C7F42E8080A5E9AAD44A35F39F3940D5CCA20623D9CAFE373C635570F7
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S9...XlA.XlA.XlA..A.XlA.XmA.XlAQ..A.ZlAQ..AvXlAQ..A!XlAQ..A.XlAQ..A.XlAQ..A.XlAQ..A.XlARich.XlA........PE..L....|OR.........."!................D............................................... .....@.........................`........R..(....p...................>......d]..@...8...........................H...@............P...............................text............................... ..`.data...4e.......V..................@....idata.......P......................@....rsrc........p.......0..............@..@.reloc..d].......^...4..............@..B................................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\vcruntime140_32.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:87DD91C56BE82866BF96EF1666F30A99
    SHA1:3B78CB150110166DED8EA51FBDE8EA506F72AEAF
    SHA-256:49B0FD1751342C253CAC588DDA82EC08E4EF43CEBC5A9D80DEB7928109B90C4F
    SHA-512:58C3EC6761624D14C7C897D8D0842DBEAB200D445B4339905DAC8A3635D174CDFB7B237D338D2829BC6C602C47503120AF5BE0C7DE6ABF2E71C81726285E44D6
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ix..-...-...-....|./...$a..&...-.......h..>...h..8...h..1...h..,...hl.,...h..,...Rich-...................PE..L....._.........."!.........................................................@......{.....@A......................................... ...................#...0..x....#..8............................#..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc........ ......................@..@.reloc..x....0......................@..B........................................................................................................................................................................................................................................................................................................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\wsaxbco.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:64EAB3C25F01AE51CE7B7A2E33B18B89
    SHA1:8C872A3C8F2F9C283CF39ACC36FD22DEFE15A719
    SHA-256:BF288959DBDBC3367941053E399CE749F21BD36FA760278AFD773C26F88D8188
    SHA-512:AD4DA2519991732CB4B24AFB10EA3BE73B20EB9F39A4F65340DB171370C24FA1DFE7C55CB7888DBAE9B57B60E18775602890590ABBAC5AA2DA371E3653899366
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........&`..H3..H3..H3..K2..H3..M2".H35.L2..H35.K2..H3..L2..H3..M2..H3..L2..H35.M2..H3..I2..H3..I3F.H3..M2..H3..H2..H3..3..H3..J2..H3Rich..H3........................PE..L....M%`...........!.........................................................`......|.....@..........................W.......X...........p..............p............[..T....................]...... \..@............................................text............................... ..`.rdata...y.......z..................@..@.data....q...p...>...X..............@....dbld0..............................`..`.reloc..............................@..@.rsrc....p.......r...t..............@..@................................................................................................................................................................................................................................

    C:\Program Files (x86)\Topaz OFD\Warsaw\wsbrmu.dll

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):52
    Entropy (8bit):4.663590738123906
    Encrypted:false
    SSDEEP:
    MD5:0D78F79E376766D9D48A43F4D78863D3
    SHA1:6BF4E1E7BECE283DA3EA4732D9F4BCF5E204A790
    SHA-256:C039E24286BA0EC0C8E819A6CEAB6BD6477DE1E62493D37A45394B299A734154
    SHA-512:F188C59E04576E7229A2708C92325CAFC795D2C5561CDE02A80DDDD55724790CCC65DCE6D1CBAE465AF4B574B18F46626ED95114D1995B0C33BED004103CAEE2
    Malicious:false
    Reputation:unknown
    Preview:[RealPath]..Path=C:\Program Files\Topaz OFD\Warsaw..

    C:\Program Files\Mozilla Firefox\defaults\pref\autoconf_warsaw.js

    Download File
    Process:C:\Program Files\Topaz OFD\Warsaw\core.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):148
    Entropy (8bit):4.323495946391912
    Encrypted:false
    SSDEEP:
    MD5:B398AA0BADC3C1FEF6E444214BACBDDF
    SHA1:309EE1BB6B249EE65CB94191AF6DF704D2733549
    SHA-256:C6A06EC225439B374A776702FC5D0CAF5285176694A7C2BDDFF251C207B13B62
    SHA-512:23562F496FB85398721344DF7C29E89AD3B642279B9AAD623CE87F0E11EE2DE08E00D44040EFB743276435D16B4BF7704F90EBA9A031C4BD0826FD7C3148EBDB
    Malicious:false
    Reputation:unknown
    Preview:// Ativando o uso de certificados do sistema para correto funcionamento da comunicacao com o Warsaw.pref("security.enterprise_roots.enabled", true);

    C:\Program Files\Topaz OFD\Warsaw:bmh6Lm9wemo

    Download File
    Process:C:\Program Files\Topaz OFD\Warsaw\core.exe
    File Type:data
    Category:dropped
    Size (bytes):104
    Entropy (8bit):5.073452046330945
    Encrypted:false
    SSDEEP:
    MD5:AF2CD4BC5AC4F5282065D039C32DED57
    SHA1:7CC9FB7B7E8F66882BC95CB8EA3743723B093AC3
    SHA-256:8948CE65047B68709C4AE9823592623BFA8ADB6370309F833E2A94DEA9D8FA86
    SHA-512:4E0E4F78A8F38595432FC30DA2805AA71E473976935C4DDAB413FE2AD73F70436904D794D6811675C27B1B07F0F33B080099B1F3AAD09893AA72A22700C88401
    Malicious:false
    Reputation:unknown
    Preview:Ws!?.......................................o...... ....(..n_J..e....#....H.tu>..3k}4..n.....NT{.u.V..2.

    C:\Program Files\Topaz OFD\Warsaw:oyhagmu138iahnc

    Download File
    Process:C:\Program Files\Topaz OFD\Warsaw\core.exe
    File Type:ASCII text, with no line terminators
    Category:dropped
    Size (bytes):64
    Entropy (8bit):5.189464015923013
    Encrypted:false
    SSDEEP:
    MD5:846881A7C40F9BF64CD1416C44B1E754
    SHA1:A7C6DFAFEFCC23B77FB3BFD81A6358694CEA5C94
    SHA-256:E8ED3A3D01BC16EA6C04903609C9D13740C82CDA0B61AC7E09A7560B79095EB7
    SHA-512:3EEE848A53029E991C44E19DC27D4BEF6E94CD8AD7409E25AC237DC9E4BCFA84FE3C4E0F290ADB6E282BD184792734F4FB0CE48DA1CFBE94A6C58A9B3F6ED388
    Malicious:false
    Reputation:unknown
    Preview:GOQXHprtOfq6vC3LMI9aABXuGta3vvXwVerorfWocABrEknD7dKYghhHuE3kP1jr

    C:\Program Files\Topaz OFD\Warsaw\API-MS-Win-Core-Heap-Obsolete-L1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:FC7259A39B375E233D8CF57A7F71132C
    SHA1:E644EF8922CCE4E2904E9072B82980FFAD1BBE94
    SHA-256:66859C6F684A4218C0BFFB0635CEB057EF076EC81F187912C3D3587983F98BE4
    SHA-512:A5F24A0F2202E7C0A5AF4AF7D13BE9063ADFD76DF61B195AD1B0DA35F3A2A465590E128DF8DFEC396A0ADA154B9191AA42D358877BF8AF80C497537C6EAD423E
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0.......M....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\API-MS-Win-Core-Kernel32-Private-L1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:24C9068F050F7511DC952E9B7DDD25FB
    SHA1:852DA2061771C52D734C8E006445492C1D722B4F
    SHA-256:5C466DABDF75D4C3841C9F958740FD6BE52218C7AD48B3E0A5B7816CF468F3D0
    SHA-512:EB64B6D4231816A64D19985B53DC2DAA38995B641B0DE4DC4F36FFE46B18513664544EA03470E92E616474B6CBF08D84F4C660296AEFE9780CD3F859CC05693F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\API-MS-Win-Core-Kernel32-Private-L1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:4B1C07BCBFBF836775D57F2E0335E6BE
    SHA1:EACFF55C6029F11F15E9AF41E4574545C9711C80
    SHA-256:FB2419822CB26757907AFCFEE392A7CAB773F04895BFD9AEED3B7265540AC2CD
    SHA-512:35C86529AE915AC87E0D8CFFF815030F8E1A1FAC882EF01803532AC3D2E4ECB2E1CE0BAAD0C1DD3E6CFD63CE10ED937E431424E3D063BBEC41D249DA4A5C4B29
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\API-MS-Win-EventLog-Legacy-L1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:9627929A5BA49AF73FD481E7D9E17CF7
    SHA1:BE63D57A94869A927BA1653DFE1FE07B670B95FF
    SHA-256:D4AB0F07801AC45BEDCDAE1867E9B5949671B420AF2F43C50959EBF0CC70C44C
    SHA-512:6E74C577B45D77685295128B408D6203399E72BF35BBD3D922459DC41AFBCC0F19D445265C1B89E1DDD8E46E2426A23B6E1B55A368D502ED6A7615264A79FC47
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...2.#X.........." .........................................................0.......I....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\API-MS-Win-Eventing-ClassicProvider-L1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:23F383B674D9DBBFFD228B52BD36DA12
    SHA1:4D9CA992006CAC527224EA3D56E24220CD77D255
    SHA-256:A82A05337948E29ABFA5B381BC78FFBCACB8148CCC9380ED9FF1FE300AFDA990
    SHA-512:F78439F34FBF579660B216374EDFF1316E5568E1977C931A903A76C57D864DA3339629093B8C8E6DC8712271E8A8AC47007968334635AC2900F2F10557CF4D87
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....:..........." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\API-MS-Win-Eventing-Controller-L1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:526C026CD40AD18CB9377B30D80BD550
    SHA1:C0F108BBB43128ED7BC3C0BBFC1607DC0F564CC8
    SHA-256:987D2D81CDBD35B7615A3E0A90FD049AB32583BC7FBBB27833B89068CF870BD4
    SHA-512:A5BA8015559E5E8B06E29284FAA585126862851224F28E632A4750A5AFBCC713831A30EA7156E1EF7A83274FB4ED6AD53C712462D573CFCCF28AF304304C215D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...Ki.|.........." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\API-MS-Win-Eventing-Legacy-L1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:36B1CE2707C7139FB0B2868F189E720C
    SHA1:CE362DB2A299B65861CD8D3EAEE2F2950252C51D
    SHA-256:E2E0C42A147D9C960D9D09BFBC98707BDEECD3F4E919D6E68C5692629B338878
    SHA-512:9C6A75BB46AE416BF8E381182B1DEBB8CB0662C084A30B36EBD30F102D75BC773BD77E0F7541335481E59DE3FCB7575E68D9A82671557583E41D3402308E51F6
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......q.........." .........................................................0......Ie....`.........................................`................ ..................("..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\API-MS-Win-Eventing-Provider-L1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:E9BB03E93162267E3DC00432C95606EB
    SHA1:9062FFCB9E13A5E52D27D7120286E53D3498871C
    SHA-256:0B419499A5179F3D6CE68E87497CC4A8B8B8829B29EC7726331A6BC5107E0580
    SHA-512:B514B6ACF7407660B8F2706C555AA46F26A95FBBC15C0F98EB89A6DE75B83BB8045A2A44D224BF7D866A85C241382B03A702DBA161432361B8874CF46413F83B
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0............`.........................................`...\............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\API-MS-Win-Security-Lsalookup-L2-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:702AC7A4AB64915313B08CA5DB5132E3
    SHA1:E177AD1FB6E54507454BC265B6ABF528C7F71BB1
    SHA-256:01A4EC466CE60FF44BBAD1C1BF3B5F18B8CD55C2033DA036AED9B8A39A35B237
    SHA-512:7481CBB98CA7D3237171BB72D1779862C816F1F48045765F4E3FC09DEF73DA481063E493A1FDF09D0EDB6CE15E32D3C467C70C173080FD82F0CA0F9B9C9B61FC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....B.d.........." .........................................................0.......u....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\API-MS-Win-Security-Lsalookup-L2-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:0D21E7CFA8473CC576D6C19918FAE61A
    SHA1:854A27CBE0EC1475E2D1ACAE0A818CE1A10E7C01
    SHA-256:E550191E99C4557F3E6E79C705FD3C060211116DB6B428D07308D88CB22456FD
    SHA-512:3C2C7A0794CDA11A2725B046DE35ED071991AB341E7F1544CC2E9C25CA9A51EDAFDA03B8FCA417A83621F486D970DCCE8F7B2B5D04FC93770C14A357723A8FD8
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...."..........." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\API-MS-Win-core-file-l2-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:F12C1674574B16DDC17F4CCF68955E59
    SHA1:0C7D9B8B504A3DDC53C0B8E4066C8D829E65AE55
    SHA-256:A88202B5B8E62EDEAFB536AF25580B2B1A437860D86CD5D8A6FBA3C89B46ACD6
    SHA-512:084776CB0C9E7E3708CD67BD2E075BD6878A13EC0DD70F46ABB7532E7153DDC4C5AFBCBBD477A62432BEF0E1381E06A16F951F7C701B1C6EADEC93514834BB39
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......R.....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\API-MS-Win-core-file-l2-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:4D816692877A5B28C7F503AD5454CE50
    SHA1:C77FC150C2D5C35F2A08B8B1B8206A39785CC018
    SHA-256:5DABD35AE32B633322ADDC1F2E1688D4E78363CADC7C7A8EB8F8E92C7D3E1444
    SHA-512:71A4AE0B924DEBF7B51332993EDB33564EBA0887D0F051FAEC9905B3F7C9651737D4DE5E00EFA02E0F4559C6D4B57B4B770BCDCA6DCB894CC70EA3597E09123F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....G............" .........................................................0............`.........................................`...x............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\API-MS-Win-core-louserzation-obsolete-l1-2-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:087D5F43B0701ACCF1B9A90083AA6532
    SHA1:B5E0B4279B38842DB732C0D153A06B677E9D0081
    SHA-256:A071F525A70AA16806C49455945E39B1BDD6A1941F86F74CDB7DC0457B8AEB49
    SHA-512:4727F8A688117EE6740FA4A4A96DFF913D8E2FD900B7A81E8C50729F1F3A15FFD921DA61871CC55ABCC4A0CA0D5F8ABADB9C2E60B9BFFFE5D69A8FFCD769E14D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....!;..........." .........................................................0.......]....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\API-MS-Win-core-string-l2-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:C2D02214DF98716DC7E22BFF6BA4D67E
    SHA1:C110B555383C23CF13328A1B48126F73FCDDBBC7
    SHA-256:19EDD50A7D9CD3492642DDA41AA97533D8A726DF36043D4E307A97BAC01212A2
    SHA-512:4CD3C719B220D0066F94A75F4D920CB13B60EBAE3A93938DECE7C24D14251AAD13580E2DF68C54D29694D466FBA850FDC1A6E3EC999D7D5BAC53812FCF5BFFAA
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...&ny..........." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata.. ...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\API-MS-Win-core-string-obsolete-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D5194BAE55E0857747269989AF9AC3F4
    SHA1:AD71984AA5E6BDDEA9F575095116540645F2F798
    SHA-256:4A1ED06C0E9DBFCFA008F969583F231D6FA3731232C7ED46AFF8F8C6A74F4B3C
    SHA-512:17B3749604C503649A527BDE981140DB58CCFC99F7D13C30627DF0D67D9272FAEAF565CDCA1CE7E715098095F34C5C76110AA1B0A9C6F97B4C6F13BB8490D23F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......'.........." .........................................................0......p.....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\API-MS-Win-core-xstate-l2-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:9C42573445921D5C023900699A80C91C
    SHA1:BB5B0983AE7831611E360BCCD6EC3EEA463CC7B8
    SHA-256:EA4D4AA42CF9F0F1061ED21FFE674A9F09156005114B92EFF0A451B38C30CA9A
    SHA-512:49D288B4F1CF4627925AC2F1481E9D117EBE0B3D7207EBAD4422994F748FCBA9F94046B5B7AEC433A1DAB50C92AD03798591B8B757EDADAAA86059CE2B3200D5
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...s............." .........................................................0............`.........................................`................ ..................("..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\API-MS-Win-devices-config-L1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:FC599F3D910EAE2F58EE26F659BC54BD
    SHA1:922D59FE207D655CC3BCACE39C853FDF8C48EC7A
    SHA-256:CCFB0B093D2C0384A958791E3F1F08C51625272A4AAB6211BB8933E724E248B4
    SHA-512:9EC8B1DF87B2CA39D5613EED0587A5BE442A900DC1A8B5254364657F5FE4AF48B0DA0C3875C0129BCFF36088F1CC2281AF0F563AB1124037643FD7BB3E357985
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...=Ef_.........." .........................................................0......[.....`.........................................`...|............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\API-MS-Win-devices-config-L1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:A055F28FAE5A3BA989B55960F7CCAAEA
    SHA1:B7F8B00905F7B48CE81DFFEA9F8218364C173805
    SHA-256:C10E4E4B4E85FC9B722903AF0FC5E22D46989FE510C76294A8167C3775B47A47
    SHA-512:399C0ADF1E9ED5C31127993E1CD89ADE21700A06FE9078803106F954CA81DE7299DD95D131281A6A09F61A94335F119E3E2157E3225F8FA7A6E6270BB28F7EEE
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....:+.........." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\API-MS-Win-security-lsapolicy-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:8D25A9F4E10A70B4E86424D8FD826B3A
    SHA1:C63079A078BEE58CC9083C4DDDA7CF19BCF5B96D
    SHA-256:97DFF96BC2A969418229A932F2AE6AF7DE03EEE8DFF5573BA1D11C3FDC9C660C
    SHA-512:9D942F0F6FA01D1FE92536DCE730242FA1316FE09D3B8CE62C13A4D56873ED48FDAAAD7DAA630610CAF168C7A674F523A2321025949E786FECA249BCE013A62D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....oB..........." .........................................................0......L.....`.........................................`...<............ ..................."..............T............................................................................rdata..h...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\API-MS-Win-security-provider-L1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:C990BF591E31C39C1DA71A6FAC6F3320
    SHA1:177D63F4EF6F88FCE36C0683305824CD388A435D
    SHA-256:2EAD6564F34CC1AB2C753DEEA2E18DF2F29F45D8A46E1ECB735832910E45001E
    SHA-512:3C327EB3A2F6C247F3006B3AA69505E116D15795FABA6BBB3C3D1D48095293FACAE4FB86FBD65477B9AC432971207B45E0601A44D774A6752462A0E307BCCFD5
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...~............." .........................................................0......Y.....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-base-util-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:87F1F8D1E23C66816EDADB956EE9485E
    SHA1:0FAF04E3AE4A4DCBFB52AC4F95BABE432FDE859C
    SHA-256:EA3C47FB95CA5A04B308B18E6B39386EF2D1D43188CDB365344D3FDD80D05A31
    SHA-512:9698FF831F718AE328873D72C1C225A85A2CF69F6BE01F24EEC4AB7E991BA5FD0018DF8AB9E2C4CEAA759397007B9A7A187413347100E689AC287A42B785BFA1
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......ev....`.........................................`...x............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-com-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:83A1AB90FB677FAAA10EF76D4C18DDF1
    SHA1:8B7837A1C2581F157DC5D147DBA215E92C3F3D30
    SHA-256:BA413CC15F9A13B1FCA48C6B7F90261D5578A6F1B0B2BB8D2AB9D513CFE5F75A
    SHA-512:5135205373B666422F55266241DCEEF0C503705E18D68CF44AA3E49F23F049B15337B5332CDA7CE60837492AC703FB0DAA90F8DFD8EC8CC5C6CE6A62D0EDF222
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....Z%..........." .........................................................@............`.........................................`................0..................8!..............T............................................................................rdata..............................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-comm-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:404235D46A7B21084DFB80E1E56ECB8E
    SHA1:17012D6235F41EB16B1124F0ECDA77711C3DCE6C
    SHA-256:B52E940ADD1D34582E9935906614FBD97D991107551F5245B144E2E90F68F548
    SHA-512:E8E5869352636840DAE0105BF72B15048EF2A7D5313BF6CBDA163ED863D25471AEFB2411889A1CFBDB8A17A36F4A8E595892BBCAA22193C632BEA3FCA7E22799
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-console-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:420323D0E507B86DA548D20B94F3ECAE
    SHA1:9F3876284BF986E627ABD7248E86CD1E1B1ACA42
    SHA-256:4185280EA58EA63579BDC141BB5263DAA42EAF105B8A81E4C7CCE89DBA331957
    SHA-512:AB331A9FAC890E8959218C65B9CF233C8D18573E1DBBB7D798A761131F5FC1F35E448919BD8F2D5A4C0999BEDBFB1BF6E85A7A6C766FCEE8A82211E3589435C7
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...Y.=i.........." .........................................................0......}.....`.........................................`...,............ ..................."..............T............................................................................rdata..P...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-datetime-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:F44C562F058C83CF98CB51A65410B5B9
    SHA1:CB633F131891380B8B5FFA87B332337FB24C5EBC
    SHA-256:89C3B43B4BF37D04253A8D565F055A29BBC0D84A473646D4F0787C96DE90FAE8
    SHA-512:6D52E929DA91A95E7CDE24EBF4E2326356442E3F10296DF8FB3F975C6EFAE3201605F95B413F827450D16BC14105CA2E6B1D9ECB45B944BCF72E1689039EBFB5
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....Ab.........." .........................................................0.......Q....`.........................................`................ ..................."..............T............................................................................rdata..4...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-datetime-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:3CCC03B2612E88DB36D833665DB13635
    SHA1:FE668A50BE92B8DF79259685D74D163A79BBBA12
    SHA-256:2B38716C6A57945B4CCE9F619F252B34B578FC58ECF1D8AFBE76400ED6DAEFCC
    SHA-512:C5FAACE37B3FCC30BE5F46A5B27298AFF3B39ABCC73FE81462876B94D55CF650C3C374B6B04A9F9C6E78746A589B0D8871C3619511B15BB5D64B9E4318BA1042
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...%............." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-debug-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:6CCF0CA512B9420990C22D462ABE3B08
    SHA1:4F2F516A90CD06FB132B794762872BA19CA51CBB
    SHA-256:F8F460FB6A3AE59DC83E8C398757C9D4999A54FB14F5E4B33B09140158AD0762
    SHA-512:B75BD6DF0A4BD2754223BB5821A3C6D3DCABE1C41630822106E12235B9E1B3C0155F5CD41AB56FF0D0EC05864289F2EF1FB1D8C58BE77C1AE36D48E89862A66F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0...... >....`.........................................`................ ..................."..............T............................................................................rdata..@...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-debug-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:C0E9698BD8D03BAEDD230859358C0AEF
    SHA1:24DF2777DC08742FD5864F94E19EF66475FC2C9E
    SHA-256:C448E2B5B1680DBC6DBC2D55DDF2992E4C0AA27373777C81F22457B55BD99B70
    SHA-512:0124DB0DD7EE99A62905B4576DE138E6338E1253E13BC4BF4264D9C9BAF83109A1800F44569E77F2A985AFD7FCB1A935351D9D2BA73B51A738FAB6FC51689A7D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....x./.........." .........................................................0.......;....`.........................................`...|............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-delayload-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:870C14964D4B15E95E468B211CA1154D
    SHA1:DFFA61C2D3432F2930F64E2A9548AE7F8EF3412F
    SHA-256:6DBB4080C6E79B25266BFFB2CAFD8492C12F5253A9CD2CE9CD9B3B831D761F01
    SHA-512:467078114C88EACD3ED953A8C8D875E2F3AB915DD3B75BF036D6CBD3F17BDAEB57DD310D59A4E1B70ED75D68B9D6174259374E9BC6BC637DAA1E2D87E4F403A0
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...8?h*.........." .........................................................0.......R....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-errorhandling-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:3894F6DE1588840F9282246D527CB077
    SHA1:BED0EDAE7EC79A72077913A3620337CC5E854067
    SHA-256:6199098A9054AA37578BA1547028424B1026AE604D3F4F1F745FB88B60B1AC27
    SHA-512:AF4567489CDEC971656E1BB4BCE0CF6AA71CA7053B47ACBCD78DB82584525C846C0456D1CFEA101D61D5F7DD5A13FA26DDF4E7B81EC8A917ADD8DEA07CF4436F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....:.[.........." .........................................................0.......w....`.........................................`................ ..................8!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-errorhandling-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:1D26AC129975D511B63525683B9AF2FF
    SHA1:DC27DF3BEAEB5CD34A68D469AE153498FCE6F51A
    SHA-256:4ABD54A6E8FC704BFBC40B99C1A41FB73D389BF6F82C90380A098AD901CD2B94
    SHA-512:C5BF1C0EB3C30509B17621E3D17CAC4B623075AEDF02ACE073AF3858A42FA4299E344B313DE3A652EAD6C9ECC97C2CF9D3D4587ADEDC23BD3451E4DCBC6117E7
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...O..+.........." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-fibers-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:50C3CF566D49C23EBB16E7267730CB00
    SHA1:271F0CE88C95A99020398FF6ABDE600A4D87C12A
    SHA-256:B177E16078453DC9F4EEEE639504D5BC2F737251FDE536FC173671F9BBC63B59
    SHA-512:7EA9B4393C35E50D3A49B40AECD6A775B286E7193C466DBD915A6D505D2F2145557979130A5568F3A4AFE81ABA7140B330539A2C2679F928EBA2BBF7112052C3
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....|.].........." .........................................................0.......@....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-fibers-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:AF0299FB054B27E4C9BDCF19007A8F5C
    SHA1:31A04540B67E9977469E13462C1BB8402AF5CA4B
    SHA-256:F659FEE5DFFFFA2950FF1870F5D4BAD1F655B541BB5B9A321FDA27753E8928F0
    SHA-512:BB8967A8567C6914D9EA773577AAE47F0076C902E2E435E61DD9CD77FA1AC1BCF38F11649A609EB4D64CBBAA421504860DA0B8CF0D2190C735F49A70063A1640
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....{.l.........." .........................................................0......-.....`.........................................`...|............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-file-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:F753699EA5569C33BF9ABD2D766445C1
    SHA1:43BA6C336CDBED435A73137201F7EC1C8A9E25B2
    SHA-256:EEB1780941F9E74C8F7E176D42B4DF1AE8AE27BDA5C6C2F569EC64200D3F1C88
    SHA-512:5DCFD22BF1D504157390B9B90D45E61D3407DBB6DCB65B1B363C06C027A8CF74FA1533DC479B422EECDA070032B9AF7B24893372E0D2B69D4E6F0D6C20A1CF18
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................@.......W....`.........................................`................0..................."..............T............................................................................rdata..(...........................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-file-l1-2-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D0842AC13C33E2287D8ADFB16BC83E7A
    SHA1:68CFD86A437BD755C2F06E59FD2BA87026D9BEC1
    SHA-256:79F0CCFEC37C99A53FA333C95ADF94420765366D040EEA78A76C545C89708FF6
    SHA-512:88A5E680ED5E42452D0B7F638327BC38E88AF835ADA391A11C44C43FAEBEE040D9D30227DBA12231ED4FFA0C8FD3CB461F5A682D48E40A9C29EC410F069CA346
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0......o.....`.........................................`...L............ ..................."..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-file-l1-2-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:ABC63F8B93596B6DDBBF5FE1FF97913E
    SHA1:CC5BAD92ACE5DCC684E0044B10DB2C5C950162C1
    SHA-256:5DCD30945AF1FF0FE4D229CB37A2FAF9461F5DAEEAF683D375379C1D4BBF00E4
    SHA-512:8266D6C18833342CD766F85A8606FC874F6F48F759D496EF70A2D27AC0158783E19EE9AF30F43D4F7370BAF36F39E21FC9F6058FDA055ACA7AC025AAA4AAA3BE
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...T............." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..0...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-handle-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:CE4FA9B6076007756515717B711AF9D4
    SHA1:7AE7A19EDC7018696786C5CF793372DE3A7FD836
    SHA-256:412334E6F0F829A18EA31A06F380D3810C83292BD0691FBE8588BDFC07DD3A20
    SHA-512:62A9987289DAB6227391B9D5D02D3BAA23F2119B4CA59160759C7D7AB9D83016477DCC75DBF4CAC8D64BBD478AA0B53C791E01FFBFE8E1ED565A641BBC3BD668
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...>G.j.........." .........................................................0............`.........................................`...`............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-heap-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:CD80166720668870FE271DB3A633F897
    SHA1:8A7091BACBF71CDBEBF2AC67CE68119833DB6B5D
    SHA-256:3DE73E2ED94F3D19531583F2C623FAC6BCE469A2DAFB36861A417055639DFCEE
    SHA-512:90A007C2D0132DE5835EDA3D5E89B6C97587217FFB0D0D7D24668BBE8872B1A98DB1C4D13ECECE03D042FAA997628BD73C60ABEBEAC771F1B07CF3FEA3CB55AB
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0...........`.........................................`................ ..................."..............T............................................................................rdata..(...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-interlocked-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:A62B72F523792F2844794AE3B376FC86
    SHA1:16377BEB178E4E3D898C3CD1A39147FCD862D661
    SHA-256:B6AA2F51B31C16D7C4474F6C42F16761C4C898A242CF91E93BEDD82A41F7CA1B
    SHA-512:99A93921C91FF5F61D367FE244EFC0D53BA5A495B8D8C1B648CD52CEC772FD61DC734EF423D060C7D34E2FD3B6408FA3CA8154B0960A10F47962414559586DC6
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...*............." .........................................................0.......,....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-io-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:8F0193156C8C2AE29AE9BD705EF962C1
    SHA1:C68616AFB47DF3A87769E166DDCA1F5A33738313
    SHA-256:57E5219D4F8EBA6210DDFDEE3AD94224D59F655B27142BB905ABEC7444763EED
    SHA-512:BE00B3AE3AF72DB4F1AA6FB00C99C4628BC0EFDB0CE05252799C068EE00A7797CC3FFE99A5676C7F5D94A8E574CE9635C4FA7554C3F0EF2FABA550AA099E8310
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...I#.n.........." .........................................................0......`f....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-io-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:F93D49AE8A2EAF16B551EE0A4903AC66
    SHA1:CC10C5EB8C52F4DEA38415C4842E812A447F991F
    SHA-256:866A0EE8782F846325695E6E55D2F507A72B8C3941CA1EFC6BB89EE13C5E2A2F
    SHA-512:DF55876D37CD731F36E1C5C70763DF6566657217F3C7D217787E6724F5635398134CEECC4FBC6E7357BD8EB36C613276650C229C8A864B7276CAB624F5937D89
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-kernel32-legacy-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:91A9A071911D868B67543FDBF26B245D
    SHA1:605E3EFAABF0DF0469CBCB497583F7279D2BC900
    SHA-256:3E76C447158810765794720006113656165FFB55557B4EA0B078528952F6EEB8
    SHA-512:1C2CCE3CC50ACDC54C3DDF9CC07C6224C907D8457A088ABF1913F4582A4341A13CC5C85CF70FEE19B7D5883068D28C789C99C54F18CD7FEA83971C15FC4B34D4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...leH..........." .........................................................0......\.....`.........................................`................ ..................."..............T............................................................................rdata..8...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-kernel32-legacy-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:76086FFC31AD5179A3E309751CC7C9E0
    SHA1:E65F74F6FE1303CBAE08AECEB9F66F97EEC10BEB
    SHA-256:CEAF195F67F139C032D8A882171CED22376782A6C733D5F2F903590069E35D05
    SHA-512:EF7CCAF89C1C02CE84F1D23786689066B16310BC7365F6D8546B6ECC44BD2B15C3E4817308F6D39AD43E7F7215180E283D8EEFF8D70A5E5F3CB2CA0440C37A17
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....m2?.........." .........................................................0...... .....`.........................................`................ ..................."..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-libraryloader-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:AD262469A5A85FA1B1B2922EEFAD6823
    SHA1:123B05CF8A10437C9B6DB7357A1609F19B31D841
    SHA-256:A92B9E28CBF9B617D196B28EF8D7C2CDD311D2B48A41B08E7B5566B8BE04151C
    SHA-512:ADCF83D42FC8BA1F7FA968D6D7EF9C50AB6A1BE49B8D998660C5CA04D286C6188E1B90D7AABBA56E649415EB00C232AF9A51879ADB09CAC51C4F5D6AB6FFFB2E
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......c.........." .........................................................0.......x....`.........................................`................ ..................."..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-libraryloader-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:738A58DE644D954376AD142D4BED92F6
    SHA1:ACB5A9315ACB6406D65BFB6FDFFEBB17AE8C3F6D
    SHA-256:DAF41A5C18D51FE7B1C646C4C0915E910A44BA6F82D51FCCF81DA4BCE984C235
    SHA-512:5CA5EB71F478D10FBFEC1F0B28F81FC02D72462E0FEBAD7BE125509FA7590E457728CB143E29EF1A78B457C8177335385023AD421B8C71A5CFFDB6A3512F088E
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...`G6..........." .........................................................0......l.....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-louserzation-l1-2-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:39475799BFAEE65894F94A0F15D0D1FB
    SHA1:F7A4E3DC3FB5133C53BE4F1B7F1956D85F6F392E
    SHA-256:2D9F380091506EB22F0E92C68F6D8641C06FA92F733494FEE9836FD748A294D5
    SHA-512:7156D60EE067F99D21C9D88883C90E8C83D75729807CDD77A37D74D6B15A8224D93189C1283C8756EF18A965BB8A11AD2DA84BB6FE8ACBFFB83503FE6B5355A1
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0.......H....`.........................................`................ ..................("..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-louserzation-l1-2-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:8F1D6065BE20BCC5E999EDE6D1ABE51F
    SHA1:BEFD3F6A034E470DC25E9C7D34BB705376118830
    SHA-256:EC687B33976033C12705B07AB25171652D9020B8E001DD7847307D4061C04DF4
    SHA-512:8A80495759F316C790D16F0861E860084B9A349339038E64BC463F28F53BD66BBC9B73DEADB91CF85CFED55A2D597E48C4BBDAF1EE71BD2E1F4959CD32A6EB8E
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0.......+....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-memory-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:97927B64D4A38E91987FCED5D39D8E79
    SHA1:79834D99237FACABBA6ADD6E8FB083A4607D4B15
    SHA-256:5B19240AA954733C60F56482BE91089E552295292D7A669418E10215C0F7830A
    SHA-512:6A14D66BAB6B16EF443964FB309CC42BA7FCBFC6AE746F91AF0FD748C8FDCCD638F478C807FFDB066061B6B0BD8471700992DC983446E815B4FC9731C08CE454
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...f092.........." .........................................................0......S.....`.........................................`...l............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-memory-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D906E0E41CF5EE445F02CFF8D27F7451
    SHA1:D11D9D4C8BBC24BF4BC46E9382913816AFC0181E
    SHA-256:3294D1E26238FD6474950B8BAE52CA635B68B05AFCEF3B7C579FA85ECE7C396C
    SHA-512:37FB50E72F8BD6BA5D1ABEF7BEFA0327B4AF00D83397EE9AB5EDB54D33A9100B0617A2C739597EBAE473EF91039373696B900DD7DE47C6FBC88059DB58B31BF6
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....1............" .........................................................0......z0....`.........................................`...8............ ..................."..............T............................................................................rdata..\...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-memory-l1-1-2.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:67F72D3E24F887DD8331FA812DB18539
    SHA1:B0E19D0B10A7055A02E526DB31F5DCF66B990AF5
    SHA-256:6A86AD9A154138D0160D0DE2C018475935D3CE16FD5FD550AF34BCC386EE636D
    SHA-512:E85E7427A040B1E50840E8E54B243E14F911A108D86C972BB7B6EE16A730AC8E6EA7A5904147D3471DAC8FA7ECE720A1A061541593A11AE2370F2360788614E9
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...q$............" .........................................................0............`.........................................`...D............ ..................."..............T............................................................................rdata..h...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-namedpipe-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:6A90021A45818AFF3390438EEFC9B787
    SHA1:84E2A69F2F6C0DFCCA296BCEE032C1E0C19641BE
    SHA-256:A8515699A009E0E028B44851C02AA0F794D1D1B41A73772B98573754424E1025
    SHA-512:DDF441775EE6FA741A96F19D2D4EF208CE9B545672CA4B68C4CDDAA6C1D6032BBC1AA4E58C087CEA6AC8C2A4F69BD54541B83EA082F2F32E76F41C22C9C990B3
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....%..........." .........................................................0......Y@....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-privateprofile-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:6258AA27FF031959451EEA40244C7169
    SHA1:128DD82A719F10A24C3CFD460B42096B304ECF1B
    SHA-256:E5D0CE32CBD2AE6EF326253ECA224ACEEBA9F2AB07410548F5431EC939BBE784
    SHA-512:1A61037219003842E3F7F5CC22D17635B65A8AAB09615E44661BDF9E38033C160595DCECDE308EF0692EB4CEF82CB157D820EAB69E98748F50D93139109ED027
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....-.Y.........." .........................................................0......G.....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-privateprofile-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:3A0BDE118163FE7E0B1A314428B6E162
    SHA1:11975499E18333598D70C86F1F86DB08D637EE77
    SHA-256:27739C733E9AEAA819CC274970753F3A4D75AE9CFEBA97E09B1A4B2744D1F0CC
    SHA-512:B40CA409170D6D434DDA5FE9E3E68DC50BEA0AFE2B91609DBBDD20E6D2B28A9CEE5690A642AB59CE564597E8277C45964FEDF31F56BB77D64CA875CB8C78D4D9
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....6............" .........................................................0......Q.....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-processenvironment-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:C0C1F885BF86C487ECF9608CFAEA3447
    SHA1:7AE85086713423333B1A4DC45DC79262A7B714BE
    SHA-256:E1E33D9F38F5E477C9763A7367B31321AD8E8ACD572CA623EC84421D17B511E6
    SHA-512:367F5DBFA06B534EA12FA19FE0911E1FA209668A40306632823B71F154B6DF28A7AA09805BF88BE7D7076E817384F450209D47830476B7A495C7F701CC3F61EA
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0............`.........................................`...H............ ..................."..............T............................................................................rdata..x...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-processenvironment-l1-2-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:20D6AE87762C4E7F413C7C0F0CFBAB88
    SHA1:0544F16AE1720DF68F0DC5A37BC3D72DE82A8475
    SHA-256:BF058145036C11FDB809A9B30993369E5D4FA9588597F877ED61BF634F01BE65
    SHA-512:3E4CFE76EB158BD3DB19CC9B8FC6567A2C0E888DC1D795280E936E2AD702AE82416F75CE02F21584A153FFB2092058D4FD664CB97A5E070DD675EB1E1A7706D6
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...\J............" .........................................................0............`.........................................`...(............ ..................."..............T............................................................................rdata..X...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-processthreads-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:89B1B41BE1FCD4AF04D1D55172C34719
    SHA1:E156CFEFD0350C84AD3E08CDC1BD283299CDF6D4
    SHA-256:33FDD447A19B761C7017F599DAB6C1EC14AF6AB139F81959E93E85C7A543C5B0
    SHA-512:EC3D3026AF951C4B2086E4C9E7741E90F7E64199564BC105F5847B08A70D028054240FCCA09EEE412F10E9681457D7DDBA85C77A8D7ADFE51F2F3323C41B3301
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...j............." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-processthreads-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:915F1C029D8B51CE579FE6F5330A77CA
    SHA1:1629E4611E444FCC2514C522E6AC626860F370A5
    SHA-256:8065D56D1442DE48A43B98FEC8A9788EE144D997604180629CE303EE9BA53D8E
    SHA-512:E0D6900B9D8BD496D41C8CC538054E39E20CACA88B8C54B52A2EBC7F01B104DB25D9FE2D5FC2B269040CF75AD1C35759D7930BE874F034191D03E0DD458E3235
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0.......c....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-processthreads-l1-1-2.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:6B8FD9123E59B177DF25262DD5ED30CE
    SHA1:D873C7140B02865A83AAFC134942FD00491AF0FC
    SHA-256:0FADE5F5F83D687C8C8F4F48C5DDABFFCD602AE663A056C234FEAA7CE80EBF13
    SHA-512:68E2A57B24990D02B61510242639C0F42C675B93E49E52E1BE12295399DCCBF37433B3A0B7A04147E16098980BB7EF5CA3A32972F87E9D73B83AF4431F0B8F9D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....~.s.........." .........................................................0.......p....`.........................................`...t............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-processtopology-obsolete-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:5FF6D0C6F5E3075D3783B7D3B5AE62C4
    SHA1:CAC5BA2A96EE6427423AB7DF369E1DAF72194E48
    SHA-256:3AEDC0BFA5FA0FDFC50B3C7E2AF0F55EEBCBCF23388D0BB2067DACC5FE77F1FD
    SHA-512:C534DF23764C16FBFC7B38B85AB16C0EBE2FC8B23C218E7A681C003931F2A77F94BD2DAAE17995EEC5B5FA54550D4B330855E23F2EA1585592C800FC60C00D69
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-profile-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:98C7553268014D1A9B4B451EC44292E4
    SHA1:07B03A88258C5FC97358720CF4142698A3C2022D
    SHA-256:AA48FCE35A1B7AD8C03703C5821DADAA69D1773000505D988B4C0611A9BBFE2B
    SHA-512:09AC5444EAC1AF2717C675C8B23F4B13AF4AAA2E0E61C1B2BFE32DDDD67B610684CB39F3FF475C95ED9EC9314FB70D3CE5E5464ECC56FBC2E1E96CA5B6D43EB3
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....f............" .........................................................0......W.....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-realtime-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:62CC1C89D8DDC87DF2D8C4B5BCCDD7B2
    SHA1:1B2ECBE48B62D225EBD9A96AFC673106CD1F6126
    SHA-256:84AEA7DF4FCD4DF58CB7F158EF1BF55BD1BF1EE42EB8DC35FBE93F0861EC9E72
    SHA-512:8849F93A4D0AFBB86CEC00E49B1083547725E7285E4788C750CAB472D8D012E28CD3C57E3C6AFB63EDF61CCE5222DF04D93D3DF0A6112AC53134ED9CD23EB650
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...k=~l.........." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-registry-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:391BDF1B8CB7B293B9365F9AAF4579B1
    SHA1:7124E42B2CF1DC52E6667D69E8BC282D99DF8D66
    SHA-256:30CCB52E1E7D55058AEEFD0934324197269F0173548067DA74079F2E7A5421DB
    SHA-512:CD47CCA5FA16A1B812C06A433CC0D529628659784E199099E1243AA498E71C3C40FF3A981697E2912F3BB66E86E027672F0BB571A9892832F54C7A37822FDE4F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-registry-l2-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:9BA46D3E0AEF8068C5ED63DB9610652A
    SHA1:8097091C67947272F714952DB1B4C8F5CB65C28A
    SHA-256:732794A733D874319FDB08A8792977A23C7FF4075A8F7466BE1B95A991D33D7A
    SHA-512:37DE7AA6F8169A160096FC983E1E9C54409D800A489CEA2E24FB3221F29094CCFB3A81C581A5C9EC4F4F9E051061CB211E1C448E293FD7DFF99C214E7A48CBC4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....|............" .........................................................0............`.........................................`...8............ ..................."..............T............................................................................rdata..\...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-rtlsupport-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:8786314584FDFE3FEDF85EAA7EB5C008
    SHA1:918CE4C53463092C1B90A62BEF36C5B1BD6D56C4
    SHA-256:95ED852901E3F0384334A8363F97FAFA0004B97A9D7B3E0175100B9ACD1D4166
    SHA-512:43E4C44DF4B1231D3C1A2E6D9678E7CC0152D497ADF36E0C464B92530D2358FA303B90EFCC5E35ED9D789ED3D1ABB71BDAA1EC68C2B68FF41DA82613ACFF1620
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...._............" .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-shlwapi-legacy-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:6FBB98A69919D9861460A168FC189224
    SHA1:6D0830146AF97DBCE9D424964E819E920DAE7DB5
    SHA-256:A1B36C903A0CDA601AAA5060B0C348CEAEB577D3F052B4B21E664F2898E40C3F
    SHA-512:F1B728D3F5B728D24337A0C92521964F11E26AD4264DC9A24886A425A96916A8055C4847A07C5CA05925FCA504AFFE86BEFEB83075CDD577D472702041C3DA79
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...QM............" .........................................................@......y5....`.........................................`................0..................."..............T............................................................................rdata..............................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:0C07D7A92F32D079E630C72FFCB34860
    SHA1:754AEE5A438815348672411A7A807C0347524004
    SHA-256:4334AA8029D99A792D15F083D58CC64A75844B9BADF483DE810620C0A4B49278
    SHA-512:FD1B34D2F21997FBCB52C7985FA067F21ACECEF48927C88AE3259CD5A2F50EB6B602E0678C83413BEA01BC020BD00749462EE0E4D8C52D734ACD23A32A4CB0F8
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....5.%.........." .........................................................0............`.........................................`...x............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-shutdown-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:079F7E45244F41B7FFD30FA94A2A0C5B
    SHA1:08741BA96CA29774BE014D74A8D5D3138C984EEB
    SHA-256:C25C12DA448D2EEDD11A58DC41103357A023F582D35BDC6D32B1397C880FEFE8
    SHA-512:92D22EEEEAB48F87AF98DAD7F7A73A6CFB962FC67ED32ABAEF219AD842146E9C3EE4DB1F1081C0BE6613E75640E564A3218101C92A7A7A336A36106D92299066
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....4|..........." .........................................................0......x.....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-string-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:1F52092CB4538F17F3EA7D62DB31BE0F
    SHA1:C9282A2D4B603367A6717A9BC3D59D7DA784B967
    SHA-256:876EAB922FFFF0DC4314ABCC212580BA8D3346B45EA2E51930C7CC8D6C5A43EF
    SHA-512:92C785BB1988EA3C61E0D2E031D426EAE87563C56741F82F0240B3BCF463EC733BA25AA1A7A1D776F1C14672266A22A997867C578A91D3B270696ED1DD7C3B21
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....<.........." .........................................................0.......Q....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-stringansi-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:A1604DAD4871DE45227D7E450C332416
    SHA1:E9BAED80B78661CA7CFE60EEC7D2A13695D1032A
    SHA-256:9F35B8CB55697ADC8558B316F4BE899BDB15DDBF0A290D12ED0924CA1ECB711E
    SHA-512:D233EEF47F6E8FF01061C53974F2D1F62668D7C5B68E94ECADBE962AC204E8BEAD050D8DA8BEF24D50134F0BC25FFF434D2A80F751EFD46734325F80E75BD59D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....}A0.........." .........................................................0............`.........................................`...P............ ..................."..............T............................................................................rdata..x...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-stringloader-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:4D7DA451E60249546DD917A4E0E514E0
    SHA1:089CC4B51DC84E9E03AD27FA778476881DF40268
    SHA-256:77B6599FC3DD1E85F225B62F885C4FCB2A37A576A5185E640F5474F21F4E590A
    SHA-512:4DA003EE7D7A98948793FB3C021D35CFCAEBAECF22AF397222CBB0B224E8921D776199FBD66F3F7EF6F8C0E65BBF3ABC6BECB6FCE4B04E5E51B2E9651DB6BC55
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....#............" .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-synch-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:DFA89D4A72751091108FC3C08588D2B7
    SHA1:95052FF76ED7A19E07AD3B322A6EE8CC8340BBB8
    SHA-256:D517A0B9673EEFDCFC83FC8E03DCF5057EB1689B94E67D493AF0C16728486245
    SHA-512:7BA8465CD431C21858BA256438DDC4EFE5A20F48D320A3B97A9F1FD2C7F9A782B1DF8A620438A7A6FBBF0FA4A2B5EA4072DEA2575ED3B9BFC0187DA2093E6E75
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......c.........." .........................................................0............`.........................................`...X............ ..................."..............T............................................................................rdata..|...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-synch-l1-2-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:F98687F24C22ED699DBC3721CDA79044
    SHA1:67F97F2DC22A76C533435E9F3EED4D43C8265D90
    SHA-256:EA02309A2DE376DC9321E2A1154ABFE39170762AC24E5925D5FB8F3E726D723F
    SHA-512:64C0CB361328F4D2C4A6B15B4E345D6F3C83C195B2AC879712F443E722C6694A5A16FBDCA2B7CF287081FFE093EE0D01573B22D3241DE03CFA195BBBD6D3EB58
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0.......-....`.........................................`...x............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-sysinfo-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:0BDE6DB4EBCBB3E639A0439B19559D34
    SHA1:8D17B3CE9621C690313806A82F1125E9EFCE30F2
    SHA-256:6D18EC951741BD2738B62C5DCCED6C9F8B9622238A26C4802556BDB8DF8A1DD0
    SHA-512:E2D6F60AF8DD94A060824940E4389896D3CE219408E262FD05D25FB25FBAC58C47EAACA2BC37F02EBE7339DFFF7C3E4E7098959532C3B8B05EA0110C13F9DC00
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...r............" .........................................................0......;]....`.........................................`...H............ ..................."..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-sysinfo-l1-2-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:8ED77A8254259FBD066B7419DFBBC769
    SHA1:77EB9A397E8BE1FA5C620ED06B9727891574FBD3
    SHA-256:DE5857706C906DA8B6B0B70DEC5162F56A44A61A3E1086FE1445888757DB4545
    SHA-512:FA70A504B5D5E1E79C2C97946B1C6D7F31B93AD8956CC7DD495FC5E92CF564B7637C37E518B37BB2CD1C23116DE8D20538D8E4D73A79DF27F88E2A297C624246
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...(..r.........." .........................................................0......u.....`.........................................`...h............ ..................("..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-sysinfo-l1-2-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:7A6174498D8B6DBE4F02125894AFD251
    SHA1:2DAAF8300419506BFF41EB8AB3BFCB531EED773C
    SHA-256:6C6942C16D814DD877568D61BE3520D7F54BD88750E96F1F778E3EAC88332FB7
    SHA-512:28A513D8CC07CBC78528D1C61C641223D3427E2F799C800990E4AB7A6270C3A3F3ED96FB8082B48A144AEFE6345B04706DAE90722E0BC79D41903EF305F37AFF
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...Z..8.........." .........................................................0......".....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-threadpool-l1-2-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:2F8C2183E2B408A625202D596C462274
    SHA1:2257532CB2B848167411C41FBFCD2C1403E3FACD
    SHA-256:8263AE785E4041FD038FF58F4F7AB8E013AE63026837C65D98A9F492BC97F880
    SHA-512:51E10E3272F41592AEA9F9531085EA3794D9D99AC92DA214A1EEDB4806F2FD451DEDBC5D306BA6DABFBEC119BB4C947104E35BA20A78DC8210BE40E986A512B5
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....[..........." .........................................................0......0G....`.........................................`...\............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-threadpool-legacy-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:9D82F9BA33292213E98B2515BE2E4ADD
    SHA1:52311B9070920CEB60DADEB3B553E7B8E44B2B80
    SHA-256:69BD378CA82BABA070A7761B7714B7437345FAD82C0A7538B67B0860BFDAAEB7
    SHA-512:BFF75D6E943E8FBE566E30F65337355C94A23E2574EE9DBA7B7F73F38E87EF4C5A86B646349479C211D9A56B23F870D3BCE6DDFCE1473C0800B06D89D89BBD23
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...Lw............" .........................................................0......w.....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-threadpool-private-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:93A0D3275EE195D6BFA343CF0DB3B833
    SHA1:FD3C756EF3916EB465EA8A035100230B76CDFD60
    SHA-256:F887C02AC2CA1250DD73C7840B0B4CFFA4A107FA17643016964DADBB176A578E
    SHA-512:9E20847528239F55910805AB7FAA495CB0930E32742004BF0E0A303B0BBC5C4EFA9A633973FCA77BD34C44E5BFD86BFF4FD5FFF98F7B13DC6FDF9686DE6F1ADF
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....$!.........." .........................................................0......B.....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-timezone-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:7B2CAAFBE6B2C3D6CBF232610DCCC034
    SHA1:ED3F3CB464C779F224729C62ED2A4318F8D0AEFC
    SHA-256:BA0AFA1FADD4429693538AA2E85230EDCCC2E481F80B89666907D108D31BED8C
    SHA-512:E32C3B6F31C9FE31381884AE683178BFFACA4A88F030335A4502DE42432CC014337F5AC2C2ECB726AFEA15CA3F4C52C26D4024ABED1A4187C4773B8C6FF73977
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....Y$..........." .........................................................0............`.........................................`...H............ ..................."..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-url-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:EBF5E304C9129DBED5F94E11D452BF62
    SHA1:D854B50F597DDBEB4503C80EEF988EC5BCF3ED64
    SHA-256:C0BFA7C3BE1A5B479169783CF3E91FD9D471541091BAE6B1A6857382564FC37B
    SHA-512:346768834E272B42BD2B42E8177E225FFC20518BF86CB80A1FAC99CB6201FE831D295B7B6701BA7D76ACDC685ACC8046F48C4CADB65218F35553D9B8EF273BBD
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...A............." .........................................................0......4.....`.........................................`................ ..................."..............T............................................................................rdata..8...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-util-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:04EDE6B39122AF646BAFC812BEB843C7
    SHA1:8E7F49B06BC6B5D55007102E8BB4558900E96B57
    SHA-256:1C8450668F49FEE4DE8559F312F7CAAF7DA26216B92D5A4C26493D8188DAD9EB
    SHA-512:FD348E7E90310EA1E14686EA3A3BA3B3584E2EC1BC659F40F70F87DD729530868C44FAD40D941A5724A4FCCAE0A7F1AD3E45F5CE9914E4DA055E9BB9A8B2AD10
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0............`.........................................`...<............ ..................."..............T............................................................................rdata..\...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-version-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:BA410EA6AA0DAF2E629FF207CB6E1C45
    SHA1:F8BD333C8F68033FE979C9CF02DCBD3EB0AAFFDA
    SHA-256:F0694DF2176F57B10E9B879606422339C1BCA6AE6186EDF29F7DBBA80026455B
    SHA-512:3DE00E4133A80AB2652FA29E770B31EC4EE48077EB772B16C0CDBF8BAAC82CF7BD2E14F68B8D83D66B20825E8BEF5A7EBDA0D301043F877E84D312E867FEE5D3
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....~w..........." .........................................................0............`.........................................`...,............ ..................."..............T............................................................................rdata..P...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-wow64-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:7A1610447B0CDE399E1C927256F5920A
    SHA1:3EDD867C835EF700FA08167C0B4BEC03474FFDA4
    SHA-256:80D2A9073FA9062132537424458A3164DF26E2F19C4F280A77386DA24788B3D2
    SHA-512:522A8CB819213A837F46DED31ACB08B028E82B7E9064A96EB87146385D569EC6AFFFFE80512C4CB65D4319498481DDF9B3F7185CA056A9E45C96FC248E4F0D1B
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...L..3.........." .........................................................0...........`.........................................`................ ..................("..............T............................................................................rdata..@...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-core-xstate-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:0F5F4BA04ECEB9473D7A5A237D47BA19
    SHA1:ED792D1A34F3C9B341C7833C64A3B35066167F14
    SHA-256:628A8787CD21A25D86705DEB3E263DBE5231A669525949C67D066FD19ED10848
    SHA-512:FAF1B696F4A767D6B588D437841713EC8C4BB96935BD2590BDAD0C574757235302169658B922849A477D16485E5C4524AC11C60F8ED5033DEB2B891224747A3E
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....(..........." .........................................................0......6.....`.........................................`...t............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-crt-conio-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:B39818632A1E37FFF6BF0DDA3F2C1732
    SHA1:8F49FD8E54A3FC93B89B75B4EF1741E08880DD29
    SHA-256:24D1AB93B6799378C110E0DD164D82C39AF1B8FB50BCCB754B1B52B3B68752A1
    SHA-512:085902A0AFA9B6868C0F7D91B2C45A5A780EE154A0A39BF733A27D4CFFFE0FA9B4CAB91503EDB01344CC5B664C768F72063EBDF588AB5019D1A53F2D43F0E8C4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d..../}..........." .........................................................0......R.....`.........................................0................ ..................."..............T............................................................................rdata.. ...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-crt-convert-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:F1966E566459389D610B3773C3E065F1
    SHA1:E123168541D78E792D8CDBAA6B473F28C1064954
    SHA-256:DB128A378C682A0ACD5FB4D074B45FAD33AB57E70637F3EFF917562D8100923A
    SHA-512:A0D2F959CD28B48791D60BF7488AA26231439C83DFC9E474F17144963BC57F143FD3E0F1904B63948334D3A83B9A5BDD3B2DAD81F2E6584303C1C9BFAA9A9C78
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...x............." .........................................................@............`.........................................0................0..................."..............T............................................................................rdata..............................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-crt-environment-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:E2686222CF81F2ADE726D5B7D61717F4
    SHA1:8ABAF7CCC964A49A0A49D3A2887FFAC7A3DDB64A
    SHA-256:58B2B1272AF9351306356A097499390852EBA5C429A148283DDC80117980C13A
    SHA-512:DAF4149ED1FF432970B8FAEDB3120DF24E9BA424B0D0668A5BBE04BFC0F3390DF718328FD7665F3DFBBA0FDA037032F5222CA6947B4879DA544B1965696506E0
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...g P..........." .........................................................0.......w....`.........................................0..."............ ..................."..............T............................................................................rdata..R...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-crt-filesystem-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:25586E8F953667BBBB2A7F2E25949808
    SHA1:9597DC051C9EF3C234D03C5856402964E8E36110
    SHA-256:C6FF48E6EDB727FCA3971DB306E617462A4D692CBBBE2693D447F072720ECEE6
    SHA-512:AF607633CBDEBAD127AD804B4C54957E74102D0F4FDE2F3229E163FDA7EFD9BFB923E812D25CDAC13332FD7F6584830BE8CFAAB4C84CCD78E5642A014E5A8B93
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...r..x.........." .........................................................0...........`.........................................0................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-crt-heap-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:08F8E94021B233848DBC1624CB17BB7A
    SHA1:8BDE9C791550226A6E139D86279D22D12054437B
    SHA-256:7ECBC9B895AD5A70CCC45E85D3EE401AE0517B71040354351B63D00814D5428A
    SHA-512:C8ED343189F6F0FBF89B060FF62053BBD17540D4AA7358B355448C57F6D18F988673806C3E4D103C47A9B09CBAAF0829EFC1C6D779F5B563E9BA326C5413B7F5
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...h{............" .........................................................0......@I....`.........................................0................ ..................."..............T............................................................................rdata..F...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-crt-locale-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:54A1DED1160D8E7A02307B63C191E42E
    SHA1:BE3DE75C0FCC802D2CFCB759288313ABCFFD2EB9
    SHA-256:ACC5C813E40E55C5C242057AB15F3D9049850D7345D8509F7044BC905DD3AA3A
    SHA-512:41A1ED1393857B38137CCC91C5519DBF2D054826515F321F2CBB86A21D7086AD5098FE6A2DA9173F32B8D7FCC41A893C742DA0FDA99F8BA179254CD2097C59A0
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...+P............" .........................................................0......".....`.........................................0...e............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-crt-math-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:B3937AE7171B6B3D02166BFA9CD6CA9E
    SHA1:949C7DFFEB2A0957F741AF5CADE887D8FA0B89EB
    SHA-256:84B21FD1737B7D8953E22BD4DF29CD933E3FC0A07D134598BF062F7ECF984AEB
    SHA-512:00EFD098585546C25B4F8489673B8707E411FEB1CA0936F4FFB9FFBFDF160218EEF8E6870EA85CDB659C2FC243A473C28C7BD9B9D708163181BC9EB85EC416BC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...IV............" .........,...............................................P.......d....`.........................................0....%...........@...............0..."..............T............................................................................rdata...&.......(..................@..@.rsrc........@.......,..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-crt-multibyte-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:18B875B9075AC3BF21FC8DB56D774ED3
    SHA1:DA8802907A4DB504BF694465BBCF4A1C5BFC49BA
    SHA-256:343B5FED7783130B1E96C524E8CC84FD0F690A66614756A5EE117B35AD1087E3
    SHA-512:F85CBB31A24CA5DDEB3589889D23C415A9798AE8F80F5802A60075AC04A23904E13921DAAB311210169AE11716DF4CDD9605F930E84EECE2C70E1D33FA06AED4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.../..N.........." .........(...............................................P......n6....`.........................................0.... ...........@...............,..."..............T............................................................................rdata..$".......$..................@..@.rsrc........@.......(..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-crt-private-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:25714A7D24E8D75B240A618668BF55C6
    SHA1:D54573065A5B21CFBBF3FB9F07B172FC22B4C2DC
    SHA-256:41B7A63FE1FE274F3B7C74A75602BFDF91528E01FACC014F5C6FDA7322B54DE3
    SHA-512:6532080A54350492774D806A6B9F799CA5817067E999CCC901BA5D7949E89CF24B7A50999646D9E71023EEAAFECC859E46F9A1B1F4322C5CAA14CD70FCDA60E4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......F.........." ......................................................................`.........................................0...T................................"..............T............................................................................rdata..............................@..@.rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-crt-process-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:09D0BFE93E1F295C533DC360A3490167
    SHA1:5532422719BB183B92923AA1CB03D05F8CFDE61C
    SHA-256:9AAE2D8C26F613E368EAD960A101B05BCDA63B0109BD24A6AAAB8C45EF1AAB93
    SHA-512:60CE0B8ED8F1D119897FB0B8D0AF1D615B88E672E7DB6FB8B02E2DC50D93EE2273744A4BDA0C06550250595AE570C0ED506CFA49798314497478CCC6AA68970B
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...P..D.........." .........................................................0.......8....`.........................................0...x............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-crt-runtime-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:AFD2D84FB1CDD0C03EE2888CE4FADAFC
    SHA1:C2EBE9EDE75C0956F7D8431B0EA345672132A2D3
    SHA-256:26CE526A30CEB11AAD52B71AA4F3EA65AFE2FD6987AB517B7E86823687BE6D2C
    SHA-512:DEA9F4737881C4CE5591EBE9875E0981DC360DF56505D8CD9204FB15C08FC84C1B634957540A22B11C222A11F1C99A2B401DA50E55C8964C91262B186C030410
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...9..b.........." .........................................................@......./....`.........................................0...4............0..................."..............T............................................................................rdata..d...........................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-crt-stdio-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:2D7B04CD3E93F0C32BC999A8DD06CA31
    SHA1:2046473BFD777C1780E2FE51C840CA59CDCA8B8C
    SHA-256:B8A352807A073F0D676C862812EB768744130C1553970FE1A32EEBFF9B55AE28
    SHA-512:8A1C85504328F9F65A828D13F932BD6C7DB45736029F123C4E624FB77FEE8C7CEE4404224AC915C2F3B0BCEE0822BE5295B1DAAA290C269CC4008F4F31C2B862
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....v..........." ......... ...............................................@............`.........................................0...a............0...............$..."..............T............................................................................rdata..............................@..@.rsrc........0....... ..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-crt-string-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:5C1ECCF8F088C294E4FF4ADA4E559567
    SHA1:BB8FC158E23445BC0DEF4BCBD4F9A622B340BB6E
    SHA-256:F632698BBA686C32D5DE71D42EF2080D793B52C7A2EC409C8440D0AAA315E9AC
    SHA-512:02CB60E4B843C4622D410ECFE48285B983A1C750242A6E894EC6556FDC35C5076437F176E7D4DADF5BBA819CE892B426F2717503C2A09B7DC1DC5FF6D3D830CC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......e.........." ........."...............................................@............`.........................................0................0...............&..("..............T............................................................................rdata..............................@..@.rsrc........0......."..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-crt-time-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:437B1F0308340DB8C5D0D7F3C72706D7
    SHA1:C341A5D909855E08AC56FBFC627C61E941F7F7E7
    SHA-256:77F3C912052578780F06D6F63CD3FEEC925F9C20C5F0218DAC9E9C0950644614
    SHA-512:F622C662AA90D1F3C3A5CB316385B17DABE8AC201BBA07D8DA3B8DF8D96FD298ED39B651B4EBA1C116AD9C1C26B17A2DD32400B256DC30B5B3BCDB1D7D87FC89
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0...........`.........................................0................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-crt-utility-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:6C82E6BDC1D0D0746803FADAA0C5FB7C
    SHA1:88211EB2B86D17D343F4AEE7B338882258DE7E5F
    SHA-256:C41EC07B44ED1CA5B4E2A32E31D7D4EA8C31F419F9D6C5795C246D9DCEE35A02
    SHA-512:864ECC4856F235957EA44D84A5A71ACC1E48DF1575A606DC0150A10EFBF889FD312783C1C3E9466D715BE2A09E0DD6197E48197CBD5B82CD7D9E57BE10410995
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....t..........." .........................................................0............`.........................................0...^............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-eventing-consumer-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:42F69033B73661BDEAE4A075C853D2EC
    SHA1:2311528C88BE1810D63E040BDA9B9844C7A69A39
    SHA-256:00D3A4A87687D32685F91474FCE5C10C4CD659D1000C80D6ACD24881911EBF48
    SHA-512:3772DC579B1662F63D8B25DF410754EA19F62DCBB8190BABEADFE8476FD921EEB36FC784296006D45F4587F40331E037A5C7C8A21344AD67BC3869E97274D3AB
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0.......M....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-security-base-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:1E0F171F06926E625DCE8F058C86A410
    SHA1:F9FF3BF6838008FE137FD64D68BCB6F48754B9D7
    SHA-256:A29AA72CB6A2E0CB7FAC180B28F7BFE0D3166CB2FF56B270A29FEE2EB676A042
    SHA-512:D189D69AE212000078EF059E36AA72972035B8E07E00BF030D96B3A2E4F35A1C5157637BEEA100D0E9B3041A19A5DCA4F545AEF585363027FB650B2357887273
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................@......M.....`.........................................`...L............0..............."..."..............T............................................................................rdata..p...........................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-security-cryptoapi-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:B2ACE524A1A6192C76143529117D8B97
    SHA1:0AB2CA1AC8ECE59F3F129C6DB78680907BB93F8C
    SHA-256:54004C150C6C5E0C0B9362548E0307F2617A27B8AD8233A5DEA1AC9F5D15C26D
    SHA-512:C21376063D886E3BB39B42B44577BB90226AE5FEFFD3FA2E6FDC9ABDD1C6612436134D62D0253FF601F4A65CCB06F3C5D164107284815AF1165B791615936FD3
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......C.........." .........................................................0.......}....`.........................................`................ ..................("..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-security-sddl-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:F98D5380051D2EC7680DA332834CB378
    SHA1:EB45374207416FE744289BB7222B7F6A97F5FC80
    SHA-256:F9326FB6849C957522E9FD5933C96FD49EF7E45A6780EA427E23FF8692417BDA
    SHA-512:72A5B1A699DAA0EAE14B261FC0ADFC858E3E2AAD2F40923286D229F711EAB10A117023B510D8BDC26E5D5300FCEB3A270C436E75F7DF03FC1D148581B19A3068
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....B.........." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-service-core-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:FA7D25B2FDC5D2FE825FFE0B92018BB0
    SHA1:878CC753B60B38AB1563FE7DE5FC121C70648967
    SHA-256:E21740D86814583E10F1831096E089BEBBD5073F6F0DEB3EC53C8661E4B7363B
    SHA-512:E0E231F284F51D08DA73AFD8F9D328CCB66DEAE7B2E049C18BC8F26CC0330E2F98551F7350BA625F57E75DBB91ECF5630A03B2C2D5064D46861D7802441F61CA
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...W.{S.........." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..@...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-service-core-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:41303A8F57D67D43D446C56D96CB54D8
    SHA1:BEB1C7E2FFB1648B68031DAE060751F2B0361B89
    SHA-256:3658F5ED245CED65D9F103945357AC75C797762B5A02C7F27CC29733A8CB0559
    SHA-512:E143AD4EA1B03627B7E0D6E0C22ECE467B0422BE770A4B2CFD6ABC6EB08871F50835F68DEB16903098A2C86DB35D634D7B34BE1F890FD4253312017A29D43AA3
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d..."Sz|.........." .........................................................0.......Y....`.........................................`................ ..................."..............T............................................................................rdata..@...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-service-management-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:8FDB305BDD488CD8209DB0F1DD1C385A
    SHA1:F7B7554AF9A0F9F164E9C5AC3744FC0C550FF358
    SHA-256:7F45493459B58AE2074F604F4DFFD35A0DBC0CE1EE7D110035B7B9DC6D84A9F1
    SHA-512:9BF20B3CECDE305AC0DCB4381C946520E881F7894D29E084A40BC3BCB14166552343471D2C5D987CFCEAD27701B7196CFB1F37002FC1323B79FD83F504BDB22B
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d..............." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-service-management-l2-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:75ACD46201D7ECC997688909A708ECDC
    SHA1:F756EFB531B24A5EB28EF041D9E4193A62A22BF2
    SHA-256:5E52F65A6DCC3469E2D6C45E13FE740C878DB77099471E2910D996C7767EB9D2
    SHA-512:8DD24FBE9F605BBE3F5A9E02A36BDBFCBEA1F25D79FCF54F0E39324CD625D6034B95D3950CD56ACF7165EEDF7D79040A12BAEDD8B8CF74C6CA060179DEFFE4EF
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0............`.........................................`...\............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-service-private-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:B914A0DF66E9BB426A7012EEF0E29445
    SHA1:395CC316DF10DA59BD60CDE097A6CE80B052E936
    SHA-256:7A2278BD9BFCCEC089B5E9EA274EF0C2FA8E580DD86D9D3D9B671960FBC050DC
    SHA-512:46F1559A9DC1D073AFF7E54D40FB0DFBEC855BFBF7CDE24E9831CDBFD37D140961D4622482E53AAE0488CE9B0DF77CF2ABD1FAB1EAC0D27AD310EDA5E37A36A1
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....2~..........." .........................................................0......9.....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-service-private-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:3B5F4563DEFB76CECFB35B871DB3D479
    SHA1:AE9BF3740FA0362015216098331667D6FFFCB046
    SHA-256:85E921A12E229AA58FB3F1697B9D5BFF6B5E5FB6BB26612E63FFAC68095584E6
    SHA-512:F10A32D779113911564F533C872BF1D62956D99236236610982A4C2D00D52497D5A5DB5386E478C909C0FBDF31F19EB26DCC7235CA322629FE77E0572C3F7D98
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....+]..........." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..4...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-service-winsvc-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:88154EC235F2F0875C782048D5028F9B
    SHA1:11C59E52CA11B7651A1E3893ACCC11A33814FACB
    SHA-256:62B7169B5611634140E36556A6B5AA97B61B55F27489A71532BB99EF5263CD79
    SHA-512:F2F9FB5395F351645C4E171587EA94FD369BB10CE742E34F5B96CCA140D4CECE162753B8ED59A5380562470BA56D6D2827B278A4CAE675C9A03E2F5EFB291792
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...D..T.........." .........................................................0......66....`.........................................`...|............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\api-ms-win-shcore-stream-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:C825E9272B712E2A1B5A5AB40496FBEB
    SHA1:BBE49DD42FD7AE672C8093F946C83955F362893B
    SHA-256:C13FFB664D7D3826E65971403178ADB9B7AE90DE0A7AADD7166E842E9E69245C
    SHA-512:4EF5F79219F27F24F353B1016BA5E798ECAD61C83115364700244DE859C9D5DFB415AD640536A6194549726D25B2335DDEF613A0168C62081D24DAEFC19EF36A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......a.........." .........................................................0.......b....`.........................................`...X............ ..................."..............T............................................................................rdata..|...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\concrt140.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:6800ED63E35C5E9BCA30EAD9FD2BC917
    SHA1:EE397D85BCBD0E4FAA1CB38125654A80464C427B
    SHA-256:9FB6FADB1BB526E2DA08417C656FA8C76377D19D94A7AA3CD88E66B68649871E
    SHA-512:1BA5DA0EEA2F1C369483548CE33635940E51DE7134647112B74909A8508748C34E6DDEF1A5DF58A72F24C351CAB2B930D49F0B6E0DD5DC5A05BFE3B01552F756
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........_Z..>4.>4.>4.+...>4.F..>4.!O5.>4.>5..>4.!O0.>4.!O7.>4.!O1..>4.!O4.>4.!O..>4.!O6.>4.Rich.>4.........................PE..d...".._.........." ................................................................].....`A........................................ ....M..,................p...6.......#......p....4..T...........................p4..8............................................text............................... ..`.rdata..z2.......4..................@..@.data....?...0...8..................@....pdata...6...p...8...L..............@..@.rsrc...............................@..@.reloc..p...........................@..B................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\config.cfgc (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:data
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:63902D129C999158F538C746D3E39FF1
    SHA1:D44C6AA49151250B658B149BD3A921BD053868B5
    SHA-256:09BD573D367ED4DF6058DD97EBF93176528AB28D88EDEA63F673F1113A31590B
    SHA-512:9C32BF42A861045020CFF13CEBF266004BF4DA94C218BC537480B6B5353B9527CF9E472302603B524C7E4EC17DE2CBDD47EE180EAA2EE3F2597752DA0490DAD7
    Malicious:false
    Reputation:unknown
    Preview:Ws!?..... ........................bT.....x........ .. ..RSB.....^.JD.+.WdY.S2.?R.."...lIvB...Z.....z;Fo...KO..BId.....8..J.7a..Xb................ b..[.?%ppM]JM..?.g ..Bg..yG....fT..EM;{J......y.-A<O..z.;..7..n.u.1...0...B.q....~.w..l..Z...@~q4[.Dv...y....d.-..9.HW...B.qS..(.uZt.e..\.+..4...7..!v.{.?.<:..-...~....W}#"K$.s.e..z<..+e..../.$.(:.P.9...~.Ea....;.>D.w........Nc..G.........gO,g8Xe.G;p'.Ex.`..p.....D..-.R..#..X.....A.....6..8x.#.1.7......Y.`{..H.&.`...I.m.4lx|g.L...-.U....J.$.m.C/...b...J..s.'..p) .w..np.......5N.S...}B."J.dKE....qC.x;f.I.N...8~].....D.t..((......y .B....u...O..w....x.K.....X.u..i.zV...%;..o#%f.....9.Cx..........0...$.t.z.QXR........F=......W.q.e8S`.G...,NTJZ_..{..M....k.P.8I.q...K....).'.dh$.u...s...D.N....z...>5..Nij...`..".h9S..._B......vQ._...O...h&..<.......5...s)......f..F..G.`D..c..%^......SH...sc.t7.:.P.......7...T....7.F.5."(KG...J.m.U.......4..x.8.(O...u.6.C..2.X.....$n...|@.z.).w"@g@..X.MT..A..K

    C:\Program Files\Topaz OFD\Warsaw\core.exe (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (GUI) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:6178A839082F65CA09FBF5F46875A771
    SHA1:44AA56EFB06E7C6263C37E4C0D2CAE95BE83D85A
    SHA-256:BE40B3B8721784341B779EF54061EEA7DCBEEF3D9BBD6691721C47E19494D082
    SHA-512:EC15B45C7FC37A28F802E161AB114D307E9E270CB91A0D4763BCBF7C2D59FB94D269963A36205FB9A98D78695FA92635C29BF1468F2AB762A5D81ED5B3CC8C7E
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........(.{.{.{..-{.{..z.{..z.{..z..{..z...{5.z...{.{{..{".z.{".zd..{".A{.{".z.{Rich.{........................PE..d.....e.........."......@.....................@.........................................`..................................................{.......@...K..0...dw......8)... ..p....:..T....................<..(...`:..8............P...............................text....>.......@.................. ..`.rdata...[...P...\...D..............@..@.data...xP..........................@....pdata..dw.......x..................@..@.dbld0...............0..............`..h.reloc..p.... ......................@..@.rsrc....K...@...L..................@..@................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\features.datc (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:data
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:7E2E4D0E323D09ECE011920FB8F79846
    SHA1:732495F032A880EF03AE9FFB85183E1619E9C506
    SHA-256:F23933C16118B6CD1AEDD8C84F71A6844FB86A6B67B45A68397FC950947144BA
    SHA-512:F5A259CD10896F81594778AD86D383A393CC59B71E6DBE7CC4B20FBE88F17236136C8CA11EAEA69334C05228A6F4F543BD8290FA1941DFF16D3729F1E83F3C5B
    Malicious:false
    Reputation:unknown
    Preview:Ws!?....................................3`...... `.. .. ..[WM.....^.AC.!.UmT.Y;.9Q...../..../:..j.6Zx&"....&.@KS.".....P......jJ..R......p..Ce.F5....*..........=.`Arz...=P.s...T....4.y..N.d....Rh..ZQ%.(..Q.).O;..o..S3"h.X....!A.9;..9..<..;.:f.6.../.....m.@.`Z..`... .d.....Y...9@_$7s.;..nELm'.1.B.J.I.q..Av.o.;..{AC.......t\Xfdt.........dM$]."~S.....}G.x....r......Y|}.....A....=....)m..Da3\3..5....W.=.`c..........eT.o........=n....<.N.l....j.|.+...S..e,.....B..O...T..u..t..G|....[P.\....D...%.:BYo....R......EdN..<...si.i....^.T......dnd.......J.m......DW.,q.4E...m.^.;u*.V..8....p\.w.l7...=..^....*tj.e.o@..C..H7...?Y..oiL........`.....4r.rY.?.q....7S.."..d.....o.x...<.nP..."._..;.p......P..,.:"..1s..M.r. ._..W`.+...6.s......!....KEw&X.wc..x...F.b..{.I.\..u.`.6..G.v....g.M!...Y._..`.^_"i..ik ;N.|..X....>;..r.)..Q.(.K.wSom!.....&p...Z..4T*.h..a..wBM.?.vj.U.g.....".T.~..Xd......T.)...H......N..W3....2....Fh}.ED..=...m9a.....%..oR`..

    C:\Program Files\Topaz OFD\Warsaw\gas.dbd (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:data
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:75D92FA20E53408124D930EB769FDDB7
    SHA1:C26980DDFEE57B28E318F6F2A28767720CFBF2D1
    SHA-256:DEB04A11F87FF08B32B07C601E96AE8423F00BD86CE85B538C26583E5508BC44
    SHA-512:2F55E74CE8BA7F82E1FD5BF5F8174CC3D1D19068A2ABC8132602A2A48D9B6A7E8FCD8C35BE4E9B767803529425207F5239F7BF59B9D22999E83822AAA6B6CDEE
    Malicious:false
    Reputation:unknown
    Preview:z1..............[8>......................................)A...................................p....C@.].....P.` ....-\.W..~..P....&.....;...c.L.SB....t]V#{.5;...../...{....t..........5...@Lu...n^.`l.|....7X..).....,.Le...p..5/S:P.......l.......}.....'r..#Nq...G.._&G...@......;.@2.f..v....{..........-.m..MR.<..q...x...I..m.."B.tw.b)....j.Y.I.!-.?...k..{...>..+GF7ERK.h.6(......o.|.s.<Az_[.Q...Gp..ZQJ..D....}...2})....R. $...GA....}...... `...F..NY........7XMZA.P<...Nb.......d...q..R-SO.).m..[L..[.......6.4.t..............#Y..+...gV.:..)......jj.......?CY..X2.R..D.v......E....Gbm./..3.#J.........~{..td..I-.JHDq.af},.de.[Y.+..}.f..q..G.R.."..Q.../.....>m.W.=.z...Vq<|Uh...._.z.=..>Y27^.M.b.9..YD...-..}.;7.f.q...gl6..#.f....i...........]Gq...[.........p..0.%..:v.`...0S....o.G..p%..Y.^..]...u...o.rb.`...,_&1..S.Z...;~H..4,z.N....\3/l>.....!0....FA.,4O..Z..8@..-.e..`..$..4.^..h........N...R..&."K>..Q,Q."=..QL1&6....(..ye]..;KY.`%..=a(...N..P....[.B

    C:\Program Files\Topaz OFD\Warsaw\is-0MV76.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):13320
    Entropy (8bit):6.737342751873627
    Encrypted:false
    SSDEEP:
    MD5:391BDF1B8CB7B293B9365F9AAF4579B1
    SHA1:7124E42B2CF1DC52E6667D69E8BC282D99DF8D66
    SHA-256:30CCB52E1E7D55058AEEFD0934324197269F0173548067DA74079F2E7A5421DB
    SHA-512:CD47CCA5FA16A1B812C06A433CC0D529628659784E199099E1243AA498E71C3C40FF3A981697E2912F3BB66E86E027672F0BB571A9892832F54C7A37822FDE4F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-0U1PU.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.767632746563805
    Encrypted:false
    SSDEEP:
    MD5:3CCC03B2612E88DB36D833665DB13635
    SHA1:FE668A50BE92B8DF79259685D74D163A79BBBA12
    SHA-256:2B38716C6A57945B4CCE9F619F252B34B578FC58ECF1D8AFBE76400ED6DAEFCC
    SHA-512:C5FAACE37B3FCC30BE5F46A5B27298AFF3B39ABCC73FE81462876B94D55CF650C3C374B6B04A9F9C6E78746A589B0D8871C3619511B15BB5D64B9E4318BA1042
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...%............." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-0VCHS.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):94088
    Entropy (8bit):6.4315064777018955
    Encrypted:false
    SSDEEP:
    MD5:7942BE5474A095F673582997AE3054F1
    SHA1:E982F6EBC74D31153BA9738741A7EEC03A9FA5E8
    SHA-256:8EE6B49830436FF3BEC9BA89213395427B5535813930489F118721FD3D2D942C
    SHA-512:49FBC9D441362B65A8D78B73D4FDCF988F22D38A35A36A233FCD54E99E95E29B804BE7EABE2B174188C7860EBB34F701E13ED216F954886A285BED7127619039
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......(r%Ml.K.l.K.l.K....n.K.ek..g.K.l.J.@.K..bH.a.K..bO.|.K..bN.s.K..bK.m.K..b..m.K..bI.m.K.Richl.K.........................PE..d...".._.........." .........^............................................................`A.........................................1..4....9.......p.......P.......L...#..........H...T...............................8............................................text............................... ..`.rdata...?.......@..................@..@.data...@....@.......4..............@....pdata.......P.......8..............@..@_RDATA.......`.......D..............@..@.rsrc........p.......F..............@..@.reloc...............J..............@..B................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-1299M.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12304
    Entropy (8bit):6.680660424516745
    Encrypted:false
    SSDEEP:
    MD5:915F1C029D8B51CE579FE6F5330A77CA
    SHA1:1629E4611E444FCC2514C522E6AC626860F370A5
    SHA-256:8065D56D1442DE48A43B98FEC8A9788EE144D997604180629CE303EE9BA53D8E
    SHA-512:E0D6900B9D8BD496D41C8CC538054E39E20CACA88B8C54B52A2EBC7F01B104DB25D9FE2D5FC2B269040CF75AD1C35759D7930BE874F034191D03E0DD458E3235
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0.......c....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-175RL.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12808
    Entropy (8bit):6.617957123156255
    Encrypted:false
    SSDEEP:
    MD5:09D0BFE93E1F295C533DC360A3490167
    SHA1:5532422719BB183B92923AA1CB03D05F8CFDE61C
    SHA-256:9AAE2D8C26F613E368EAD960A101B05BCDA63B0109BD24A6AAAB8C45EF1AAB93
    SHA-512:60CE0B8ED8F1D119897FB0B8D0AF1D615B88E672E7DB6FB8B02E2DC50D93EE2273744A4BDA0C06550250595AE570C0ED506CFA49798314497478CCC6AA68970B
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...P..D.........." .........................................................0.......8....`.........................................0...x............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-19RUB.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):13320
    Entropy (8bit):6.584290207639561
    Encrypted:false
    SSDEEP:
    MD5:EBF5E304C9129DBED5F94E11D452BF62
    SHA1:D854B50F597DDBEB4503C80EEF988EC5BCF3ED64
    SHA-256:C0BFA7C3BE1A5B479169783CF3E91FD9D471541091BAE6B1A6857382564FC37B
    SHA-512:346768834E272B42BD2B42E8177E225FFC20518BF86CB80A1FAC99CB6201FE831D295B7B6701BA7D76ACDC685ACC8046F48C4CADB65218F35553D9B8EF273BBD
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...A............." .........................................................0......4.....`.........................................`................ ..................."..............T............................................................................rdata..8...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-1OSP7.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11784
    Entropy (8bit):6.6965040580473545
    Encrypted:false
    SSDEEP:
    MD5:8F0193156C8C2AE29AE9BD705EF962C1
    SHA1:C68616AFB47DF3A87769E166DDCA1F5A33738313
    SHA-256:57E5219D4F8EBA6210DDFDEE3AD94224D59F655B27142BB905ABEC7444763EED
    SHA-512:BE00B3AE3AF72DB4F1AA6FB00C99C4628BC0EFDB0CE05252799C068EE00A7797CC3FFE99A5676C7F5D94A8E574CE9635C4FA7554C3F0EF2FABA550AA099E8310
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...I#.n.........." .........................................................0......`f....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-243TO.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):15880
    Entropy (8bit):6.447776302900069
    Encrypted:false
    SSDEEP:
    MD5:F1966E566459389D610B3773C3E065F1
    SHA1:E123168541D78E792D8CDBAA6B473F28C1064954
    SHA-256:DB128A378C682A0ACD5FB4D074B45FAD33AB57E70637F3EFF917562D8100923A
    SHA-512:A0D2F959CD28B48791D60BF7488AA26231439C83DFC9E474F17144963BC57F143FD3E0F1904B63948334D3A83B9A5BDD3B2DAD81F2E6584303C1C9BFAA9A9C78
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...x............." .........................................................@............`.........................................0................0..................."..............T............................................................................rdata..............................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-2A08E.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):321336
    Entropy (8bit):6.605679546109848
    Encrypted:false
    SSDEEP:
    MD5:CD3C37A6EFC472F8A9190F53059C6450
    SHA1:98779B876E2AFA6A44CAA7C711DECD9070A69685
    SHA-256:5E80230D26686CED762CF7C509F576D1CE68E5DB19B575DCB9D146360415AF88
    SHA-512:A7ADD42E4281EBB94B05AB10A91C8B71A1406BF4A73C181AE19E79AD428BCACC79291408DFB4C2128EF589F40D2E68DC32D499E1337969A7D107FCAF1F73F2F7
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................r...............e.......e.......e.u.............e.......Rich............PE..d......e.........." .....P...@......@............................................... .....`..........................................'..H....'..,...........0...........8)..............T.......................(......8............`...............................text...sN.......P.................. ..`.rdata..h....`.......T..............@..@.data........P.......>..............@....pdata.......p...0...J..............@..@.dbld0...9.......:...z..............`..h.reloc..............................@..@.rsrc...............................@..@........................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-2F7HQ.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11784
    Entropy (8bit):6.598796626688077
    Encrypted:false
    SSDEEP:
    MD5:3A0BDE118163FE7E0B1A314428B6E162
    SHA1:11975499E18333598D70C86F1F86DB08D637EE77
    SHA-256:27739C733E9AEAA819CC274970753F3A4D75AE9CFEBA97E09B1A4B2744D1F0CC
    SHA-512:B40CA409170D6D434DDA5FE9E3E68DC50BEA0AFE2B91609DBBDD20E6D2B28A9CEE5690A642AB59CE564597E8277C45964FEDF31F56BB77D64CA875CB8C78D4D9
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....6............" .........................................................0......Q.....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-2G5JK.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11784
    Entropy (8bit):6.622435082273248
    Encrypted:false
    SSDEEP:
    MD5:41303A8F57D67D43D446C56D96CB54D8
    SHA1:BEB1C7E2FFB1648B68031DAE060751F2B0361B89
    SHA-256:3658F5ED245CED65D9F103945357AC75C797762B5A02C7F27CC29733A8CB0559
    SHA-512:E143AD4EA1B03627B7E0D6E0C22ECE467B0422BE770A4B2CFD6ABC6EB08871F50835F68DEB16903098A2C86DB35D634D7B34BE1F890FD4253312017A29D43AA3
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d..."Sz|.........." .........................................................0.......Y....`.........................................`................ ..................."..............T............................................................................rdata..@...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-2HSS0.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):523576
    Entropy (8bit):6.645624061320983
    Encrypted:false
    SSDEEP:
    MD5:2A31F4193690FD6163898C62A16396BE
    SHA1:D23959E134271DD764878837486E91456200E241
    SHA-256:D92BA39475D91924E6A8FD6F4789F2ECD3D5FEEDB35B28BFBBAD6C7C6C693404
    SHA-512:AFA5BB39702234B92D0D35B9CA92B5AFE73954BD228D10622FCED0FD52526B79E0318FD9B62E4CEBE0A6AEB8608B5EF3616691B0084C2417AC24F7089D4FD202
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........F.V.(.V.(.V.(._..F.(...,.^.(...+.R.(...-.O.(...).P.(...+.W.(...-.Q.(...-.t.(...)._.(.V.)...(...-.L.(...(.W.(....W.(...*.W.(.RichV.(.................PE..d.....Ud.........." .................d.......................................P............`......................................... ...\...|...,....@......0....H......8)... ..x...hF..T....................H..(....F..8............................................text............................... ..`.rdata...`.......b..................@..@.data....2...0......................@....pdata...H...p...J..................@..@.dbld0...T.......V...f..............`..h.reloc..x.... ......................@..@.rsrc........@......................@..@................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-2LNO6.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):924984
    Entropy (8bit):6.561005469071917
    Encrypted:false
    SSDEEP:
    MD5:52ABAC6500B1F06662908F49DA494B5C
    SHA1:30459B3948D3F675DBB2269499E087F875044926
    SHA-256:19E278127DB27E99C599B423B79585D4B928D536328AEE9231A6BDBCD6A10BBE
    SHA-512:4055F89624F6DD611ADD688E9FB93A13BE28C6DFE7AEEC1CFBA841B7A1478EDF1B018AB5918A3F44B9BE12CBDB547A53C090362D70D422ABE1BC31DE0CEADD42
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.........c.....................%.......................................o.......o.......n.......o.......%...............J.......J.......J......J.......Rich............................PE..d....Z.c.........." .....J... ............................................................`..........................................k..H...(l..............0....y......8)..........XD..T....................F..(....D..8............`...............................text....H.......J.................. ..`.rdata...E...`...F...N..............@..@.data............D..................@....pdata...y...p...z..................@..@.dbld0...............R..............`..h.reloc..............................@..@.rsrc...............................@..@........................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-2MC0P.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):18472
    Entropy (8bit):6.286011465843997
    Encrypted:false
    SSDEEP:
    MD5:5C1ECCF8F088C294E4FF4ADA4E559567
    SHA1:BB8FC158E23445BC0DEF4BCBD4F9A622B340BB6E
    SHA-256:F632698BBA686C32D5DE71D42EF2080D793B52C7A2EC409C8440D0AAA315E9AC
    SHA-512:02CB60E4B843C4622D410ECFE48285B983A1C750242A6E894EC6556FDC35C5076437F176E7D4DADF5BBA819CE892B426F2717503C2A09B7DC1DC5FF6D3D830CC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......e.........." ........."...............................................@............`.........................................0................0...............&..("..............T............................................................................rdata..............................@..@.rsrc........0......."..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-2OJ4D.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11816
    Entropy (8bit):6.675322721423953
    Encrypted:false
    SSDEEP:
    MD5:9C42573445921D5C023900699A80C91C
    SHA1:BB5B0983AE7831611E360BCCD6EC3EEA463CC7B8
    SHA-256:EA4D4AA42CF9F0F1061ED21FFE674A9F09156005114B92EFF0A451B38C30CA9A
    SHA-512:49D288B4F1CF4627925AC2F1481E9D117EBE0B3D7207EBAD4422994F748FCBA9F94046B5B7AEC433A1DAB50C92AD03798591B8B757EDADAAA86059CE2B3200D5
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...s............." .........................................................0............`.........................................`................ ..................("..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-3BFDH.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):936248
    Entropy (8bit):6.760930940062943
    Encrypted:false
    SSDEEP:
    MD5:6C05852375CCA4772D001A096E0B92CF
    SHA1:91967307B15D17B09F635B4ECC7D5CE3540E37F9
    SHA-256:95B65ACF16F3D0ED8F4EBEC8B205CB2F7DC6DD232DAAC74695FECC37C2B99F61
    SHA-512:F9E99DF9B2B861D9F07500320001C3ACDC4FB1709AB558EF05130FCB234BDEEE263F780667CD575FE88E4BA923BB48004326761146BE4720A3944030D07B5DD2
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......|,.8M..8M..8M...?..+M...?..M...?.. M..j8..7M..j8.. M..j8..tM...?..3M..8M..9L..8M..9M...8..GM...8..9M...8W.9M..8M?.9M...8..9M..Rich8M..................PE..L....8.d...........!.........*...............P......................................W]....@.........................@(..P....(..x.................... ..8)..........{..T....................}.......|..@............P...............................text...kK.......L.................. ..`CODE..../....`.......P.............. ..`.rdata.......P.......2..............@..@.data....f...@... ... ..............@...DATA....0............@..............@...BSS..................T..............@....dbld0..0............\.............. ..`.reloc..............h..............@..@.rsrc...............................@..@................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-3HLCR.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.657230650859235
    Encrypted:false
    SSDEEP:
    MD5:C0E9698BD8D03BAEDD230859358C0AEF
    SHA1:24DF2777DC08742FD5864F94E19EF66475FC2C9E
    SHA-256:C448E2B5B1680DBC6DBC2D55DDF2992E4C0AA27373777C81F22457B55BD99B70
    SHA-512:0124DB0DD7EE99A62905B4576DE138E6338E1253E13BC4BF4264D9C9BAF83109A1800F44569E77F2A985AFD7FCB1A935351D9D2BA73B51A738FAB6FC51689A7D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....x./.........." .........................................................0.......;....`.........................................`...|............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-3NU1J.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):1089896
    Entropy (8bit):6.66432548294696
    Encrypted:false
    SSDEEP:
    MD5:DC1757C0BF4DEBF5BDD22F1C22C2EA31
    SHA1:10E1B740CB9DB425C54F6035E1664C232E5157B2
    SHA-256:0D74AE74C13EA642FB41EF382646E081BE697B78BCA3E6D49B05667351C47751
    SHA-512:86CC48143E21BB30ADE35C5D7D7787A6DEB3029AEC92E7772A87858E72A9C4E82FCA1955887501B3357BC4CB81EBCE28859B2A069AE64E2FB78737A97AED9F20
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........'.d.t.d.t.d.t..#t.d.t...u.d.tO..u.d.tO..u.d.tO..u.d.tO..u.d.th..u.d.ti..u.d.t...u.d.t.d.t.e.th..u}d.th..u.d.th.Ot.d.th..u.d.tRich.d.t........................PE..d......a.........." ....."...........r..............................................?.....`..........................................}.......}.......P......0...........h....0.......F..T....................I..(...PG..8............@.. ............................text.... .......".................. ..`.rdata..Xl...@...n...&..............@..@.data....Y....... ..................@....pdata..............................@..@.dbld0..<............6..............`..h.reloc.......0......................@..@.rsrc........P......................@..@........................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-44GIE.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):464696
    Entropy (8bit):6.268688392495283
    Encrypted:false
    SSDEEP:
    MD5:ED6DFFFF1DF15635029620C7CB3FC930
    SHA1:EB8BF2CC45487B19F976DE5080C2072CFAAD74EE
    SHA-256:D15FEE3C0DAC6C780E2818C435FAEF939C9D53CBADCAF13544B1CB02EDDFB6B1
    SHA-512:61295E898A8B10BE12B4DB02F7E4DAAD6C9EC9BAEB504AF44982EB057D76A1D88E5EBCBBB1F02573082A22960C6772130F6E124D0117F5A87B420D8452930564
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........3g..R...R...R...*...R...'...R...'...R...'...R...'...R... ...R...R..US...t..R...g..R...'...R...'...R...'...R...'...R...R...R...'...R..Rich.R..........................PE..d.....d.........." .....b...r......@+.......................................`.......Y....`.............................................H............P......0...D7......8)...@...... 4..T....................6..(....4..8............................................text....a.......b.................. ..`.rdata...f.......h...f..............@..@.data...X...........................@....pdata..D7.......8...^..............@..@.dbld0..tB.......D..................`..h.reloc.......@......................@..@.rsrc........P......................@..@................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-46BQS.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.630233426489395
    Encrypted:false
    SSDEEP:
    MD5:6CCF0CA512B9420990C22D462ABE3B08
    SHA1:4F2F516A90CD06FB132B794762872BA19CA51CBB
    SHA-256:F8F460FB6A3AE59DC83E8C398757C9D4999A54FB14F5E4B33B09140158AD0762
    SHA-512:B75BD6DF0A4BD2754223BB5821A3C6D3DCABE1C41630822106E12235B9E1B3C0155F5CD41AB56FF0D0EC05864289F2EF1FB1D8C58BE77C1AE36D48E89862A66F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0...... >....`.........................................`................ ..................."..............T............................................................................rdata..@...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-46HPO.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.777533268850292
    Encrypted:false
    SSDEEP:
    MD5:087D5F43B0701ACCF1B9A90083AA6532
    SHA1:B5E0B4279B38842DB732C0D153A06B677E9D0081
    SHA-256:A071F525A70AA16806C49455945E39B1BDD6A1941F86F74CDB7DC0457B8AEB49
    SHA-512:4727F8A688117EE6740FA4A4A96DFF913D8E2FD900B7A81E8C50729F1F3A15FFD921DA61871CC55ABCC4A0CA0D5F8ABADB9C2E60B9BFFFE5D69A8FFCD769E14D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....!;..........." .........................................................0.......]....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-4828T.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.763218231633055
    Encrypted:false
    SSDEEP:
    MD5:870C14964D4B15E95E468B211CA1154D
    SHA1:DFFA61C2D3432F2930F64E2A9548AE7F8EF3412F
    SHA-256:6DBB4080C6E79B25266BFFB2CAFD8492C12F5253A9CD2CE9CD9B3B831D761F01
    SHA-512:467078114C88EACD3ED953A8C8D875E2F3AB915DD3B75BF036D6CBD3F17BDAEB57DD310D59A4E1B70ED75D68B9D6174259374E9BC6BC637DAA1E2D87E4F403A0
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...8?h*.........." .........................................................0.......R....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-4BMCK.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.751631254595832
    Encrypted:false
    SSDEEP:
    MD5:AF0299FB054B27E4C9BDCF19007A8F5C
    SHA1:31A04540B67E9977469E13462C1BB8402AF5CA4B
    SHA-256:F659FEE5DFFFFA2950FF1870F5D4BAD1F655B541BB5B9A321FDA27753E8928F0
    SHA-512:BB8967A8567C6914D9EA773577AAE47F0076C902E2E435E61DD9CD77FA1AC1BCF38F11649A609EB4D64CBBAA421504860DA0B8CF0D2190C735F49A70063A1640
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....{.l.........." .........................................................0......-.....`.........................................`...|............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-4JF0M.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12816
    Entropy (8bit):6.6087802749046345
    Encrypted:false
    SSDEEP:
    MD5:AD262469A5A85FA1B1B2922EEFAD6823
    SHA1:123B05CF8A10437C9B6DB7357A1609F19B31D841
    SHA-256:A92B9E28CBF9B617D196B28EF8D7C2CDD311D2B48A41B08E7B5566B8BE04151C
    SHA-512:ADCF83D42FC8BA1F7FA968D6D7EF9C50AB6A1BE49B8D998660C5CA04D286C6188E1B90D7AABBA56E649415EB00C232AF9A51879ADB09CAC51C4F5D6AB6FFFB2E
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......c.........." .........................................................0.......x....`.........................................`................ ..................."..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-517JO.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.697327155686893
    Encrypted:false
    SSDEEP:
    MD5:9D82F9BA33292213E98B2515BE2E4ADD
    SHA1:52311B9070920CEB60DADEB3B553E7B8E44B2B80
    SHA-256:69BD378CA82BABA070A7761B7714B7437345FAD82C0A7538B67B0860BFDAAEB7
    SHA-512:BFF75D6E943E8FBE566E30F65337355C94A23E2574EE9DBA7B7F73F38E87EF4C5A86B646349479C211D9A56B23F870D3BCE6DDFCE1473C0800B06D89D89BBD23
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...Lw............" .........................................................0......w.....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-610F5.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.74559502877419
    Encrypted:false
    SSDEEP:
    MD5:0F5F4BA04ECEB9473D7A5A237D47BA19
    SHA1:ED792D1A34F3C9B341C7833C64A3B35066167F14
    SHA-256:628A8787CD21A25D86705DEB3E263DBE5231A669525949C67D066FD19ED10848
    SHA-512:FAF1B696F4A767D6B588D437841713EC8C4BB96935BD2590BDAD0C574757235302169658B922849A477D16485E5C4524AC11C60F8ED5033DEB2B891224747A3E
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....(..........." .........................................................0......6.....`.........................................`...t............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-61PSV.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):23944
    Entropy (8bit):5.9733206977422775
    Encrypted:false
    SSDEEP:
    MD5:00BCBB58255D6CBD712E89A3DD0D1810
    SHA1:F93D00A573A880E67C9F5C3D9530D4A1D2165E70
    SHA-256:E10FB192620193CB721516C30533F71CA6B2A4396B48F3858B571143E94ABA31
    SHA-512:6C56FCBB229C4FB0E6F49219BD698F6720804A455B4DEC5309706858491122628E6D1AB9E5F6F32004BD06FAEB48AAF5ED434E8F87D113D3C984B8D00FBA4013
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................l+A......=....f.....f..........f.....f.....f.....f.Q....f.....Rich...................PE..d...,.._.........." .........$.......................................................9....`A.........................................>..L....@..x....p.......`.......:...#......x...@3..T............................3..8............0..0............................text............................... ..`.rdata.......0......................@..@.data........P.......,..............@....pdata.......`.......0..............@..@.rsrc........p.......4..............@..@.reloc..x............8..............@..B........................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-69J1V.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):309128
    Entropy (8bit):6.273650664584428
    Encrypted:false
    SSDEEP:
    MD5:6800ED63E35C5E9BCA30EAD9FD2BC917
    SHA1:EE397D85BCBD0E4FAA1CB38125654A80464C427B
    SHA-256:9FB6FADB1BB526E2DA08417C656FA8C76377D19D94A7AA3CD88E66B68649871E
    SHA-512:1BA5DA0EEA2F1C369483548CE33635940E51DE7134647112B74909A8508748C34E6DDEF1A5DF58A72F24C351CAB2B930D49F0B6E0DD5DC5A05BFE3B01552F756
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........_Z..>4.>4.>4.+...>4.F..>4.!O5.>4.>5..>4.!O0.>4.!O7.>4.!O1..>4.!O4.>4.!O..>4.!O6.>4.Rich.>4.........................PE..d...".._.........." ................................................................].....`A........................................ ....M..,................p...6.......#......p....4..T...........................p4..8............................................text............................... ..`.rdata..z2.......4..................@..@.data....?...0...8..................@....pdata...6...p...8...L..............@..@.rsrc...............................@..@.reloc..p...........................@..B................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-761MJ.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.763381154723336
    Encrypted:false
    SSDEEP:
    MD5:4B1C07BCBFBF836775D57F2E0335E6BE
    SHA1:EACFF55C6029F11F15E9AF41E4574545C9711C80
    SHA-256:FB2419822CB26757907AFCFEE392A7CAB773F04895BFD9AEED3B7265540AC2CD
    SHA-512:35C86529AE915AC87E0D8CFFF815030F8E1A1FAC882EF01803532AC3D2E4ECB2E1CE0BAAD0C1DD3E6CFD63CE10ED937E431424E3D063BBEC41D249DA4A5C4B29
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-7EU8J.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):13840
    Entropy (8bit):6.5907440700460365
    Encrypted:false
    SSDEEP:
    MD5:DFA89D4A72751091108FC3C08588D2B7
    SHA1:95052FF76ED7A19E07AD3B322A6EE8CC8340BBB8
    SHA-256:D517A0B9673EEFDCFC83FC8E03DCF5057EB1689B94E67D493AF0C16728486245
    SHA-512:7BA8465CD431C21858BA256438DDC4EFE5A20F48D320A3B97A9F1FD2C7F9A782B1DF8A620438A7A6FBBF0FA4A2B5EA4072DEA2575ED3B9BFC0187DA2093E6E75
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......c.........." .........................................................0............`.........................................`...X............ ..................."..............T............................................................................rdata..|...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-7GP3D.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):13840
    Entropy (8bit):6.714376004646165
    Encrypted:false
    SSDEEP:
    MD5:A055F28FAE5A3BA989B55960F7CCAAEA
    SHA1:B7F8B00905F7B48CE81DFFEA9F8218364C173805
    SHA-256:C10E4E4B4E85FC9B722903AF0FC5E22D46989FE510C76294A8167C3775B47A47
    SHA-512:399C0ADF1E9ED5C31127993E1CD89ADE21700A06FE9078803106F954CA81DE7299DD95D131281A6A09F61A94335F119E3E2157E3225F8FA7A6E6270BB28F7EEE
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....:+.........." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-7N3QM.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):14344
    Entropy (8bit):6.527146635794406
    Encrypted:false
    SSDEEP:
    MD5:89B1B41BE1FCD4AF04D1D55172C34719
    SHA1:E156CFEFD0350C84AD3E08CDC1BD283299CDF6D4
    SHA-256:33FDD447A19B761C7017F599DAB6C1EC14AF6AB139F81959E93E85C7A543C5B0
    SHA-512:EC3D3026AF951C4B2086E4C9E7741E90F7E64199564BC105F5847B08A70D028054240FCCA09EEE412F10E9681457D7DDBA85C77A8D7ADFE51F2F3323C41B3301
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...j............." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-7NOH4.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.751712698504427
    Encrypted:false
    SSDEEP:
    MD5:F12C1674574B16DDC17F4CCF68955E59
    SHA1:0C7D9B8B504A3DDC53C0B8E4066C8D829E65AE55
    SHA-256:A88202B5B8E62EDEAFB536AF25580B2B1A437860D86CD5D8A6FBA3C89B46ACD6
    SHA-512:084776CB0C9E7E3708CD67BD2E075BD6878A13EC0DD70F46ABB7532E7153DDC4C5AFBCBBD477A62432BEF0E1381E06A16F951F7C701B1C6EADEC93514834BB39
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......R.....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-7PA03.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11816
    Entropy (8bit):6.7727612105051564
    Encrypted:false
    SSDEEP:
    MD5:36B1CE2707C7139FB0B2868F189E720C
    SHA1:CE362DB2A299B65861CD8D3EAEE2F2950252C51D
    SHA-256:E2E0C42A147D9C960D9D09BFBC98707BDEECD3F4E919D6E68C5692629B338878
    SHA-512:9C6A75BB46AE416BF8E381182B1DEBB8CB0662C084A30B36EBD30F102D75BC773BD77E0F7541335481E59DE3FCB7575E68D9A82671557583E41D3402308E51F6
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......q.........." .........................................................0......Ie....`.........................................`................ ..................("..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-7TIHM.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.772704449882823
    Encrypted:false
    SSDEEP:
    MD5:4D7DA451E60249546DD917A4E0E514E0
    SHA1:089CC4B51DC84E9E03AD27FA778476881DF40268
    SHA-256:77B6599FC3DD1E85F225B62F885C4FCB2A37A576A5185E640F5474F21F4E590A
    SHA-512:4DA003EE7D7A98948793FB3C021D35CFCAEBAECF22AF397222CBB0B224E8921D776199FBD66F3F7EF6F8C0E65BBF3ABC6BECB6FCE4B04E5E51B2E9651DB6BC55
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....#............" .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-7V331.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):729400
    Entropy (8bit):6.321246052332872
    Encrypted:false
    SSDEEP:
    MD5:4C53971AE3361B42E4681AADBC5B5BB8
    SHA1:0DAB8CB3B02A4EA178E9DD20E66AFF561B29106A
    SHA-256:EF5B2B272228398842F2832B8BF397263DD1FB3CD1057E9632BCD177D2A7EF0F
    SHA-512:2FE42BE28C1E9CE5996FC331F0354A6D5CC898A97EB3CEBBB0DBE645D86E6688CBF5A8677C5AF98F248D8329E7A3C3E10EB1A830FEFE5F09E158254BFE45AAB5
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........}.._..X_..X_..X.n.YQ..X.n.Y...X.n.YL..X.i.YO..X.i.YU..X.i.Y...X_..X_..X.n.YT..Xx..X]..Xx..XJ..X.i.YB..X.i.Y^..X.iBX^..X_.*X^..X.i.Y^..XRich_..X........PE..d.....ee.........." .....d...T......$...............................................10....`.........................................@...L.......x....p......0....S......8)...P..L.......T.......................(...0...8............................................text....c.......d.................. ..`.rdata...!......."...h..............@..@.data...L...........................@....pdata...S.......T...*..............@..@_RDATA...............~..............@..@.dbld0..L^.......`..................`..h.reloc..L....P......................@..@.rsrc........p......................@..@........................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-7V354.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):19984
    Entropy (8bit):6.203838496280811
    Encrypted:false
    SSDEEP:
    MD5:18B875B9075AC3BF21FC8DB56D774ED3
    SHA1:DA8802907A4DB504BF694465BBCF4A1C5BFC49BA
    SHA-256:343B5FED7783130B1E96C524E8CC84FD0F690A66614756A5EE117B35AD1087E3
    SHA-512:F85CBB31A24CA5DDEB3589889D23C415A9798AE8F80F5802A60075AC04A23904E13921DAAB311210169AE11716DF4CDD9605F930E84EECE2C70E1D33FA06AED4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.../..N.........." .........(...............................................P......n6....`.........................................0.... ...........@...............,..."..............T............................................................................rdata..$".......$..................@..@.rsrc........@.......(..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-81M5D.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):721208
    Entropy (8bit):6.270888098155289
    Encrypted:false
    SSDEEP:
    MD5:B4AE5BAC36DE2533C12B8A28EB930A37
    SHA1:608C5C8C79E3FFC6C27BD5CB1336807CCBBDF23B
    SHA-256:8EE2E6DB683DBAB7FC70E319A9EA5061182401E6F86F2C3023848F36847FC6E2
    SHA-512:0A399841216ADE08D2DFDB7D6A5E7748173E00EF14D72DC09A108BC31FC6AC643B45448E7F9E1EF88E4CA9E905865F0FF9887846E9F5C6B1F4269517A282BF1D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!M.!e,.re,.re,.rlTPru,.r7Y.sm,.r7Y.sa,.r7Y.s{,.r7Y.sc,.r.^.sl,.re,.r.-.r.Y.sf,.r.Y.s,,.r.Y.sd,.r.Y<rd,.re,Trd,.r.Y.sd,.rRiche,.r................PE..d....".e.........." ................<n.......................................@.......9....`.........................................@[.......\..,....0......0{..........8)... ..0....|..T....................~..(... }..8...............(............................text............................... ..`.rdata..............................@..@.data...x4...........~..............@....pdata..............................@..@.dbld0..L....p....... ..............`..h.reloc..0.... ......................@..@.rsrc........0......................@..@........................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-8438K.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.771797322451931
    Encrypted:false
    SSDEEP:
    MD5:93A0D3275EE195D6BFA343CF0DB3B833
    SHA1:FD3C756EF3916EB465EA8A035100230B76CDFD60
    SHA-256:F887C02AC2CA1250DD73C7840B0B4CFFA4A107FA17643016964DADBB176A578E
    SHA-512:9E20847528239F55910805AB7FAA495CB0930E32742004BF0E0A303B0BBC5C4EFA9A633973FCA77BD34C44E5BFD86BFF4FD5FFF98F7B13DC6FDF9686DE6F1ADF
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....$!.........." .........................................................0......B.....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-8P99Q.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):209080
    Entropy (8bit):6.517674222032663
    Encrypted:false
    SSDEEP:
    MD5:0F1E85FD7FAB83C31E77CA82FE568369
    SHA1:C7DDF60ABF478904D973E160FFD9BF07EEC366C4
    SHA-256:43CD5B65058602CE00D297913C3C22B31A26A7AF215F55A81DA51157B1921CCC
    SHA-512:A888F8191620555F4367F7B8C7E91194ED5CB1511CF94B53F2C0D42AE7F2EBA43BD84AE0D91813B8FEA1F4ECFB99D697B334DA18A7A2E0F587905682EDA77A5E
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......FXN..9 ..9 ..9 ..A...9 .H%..9 .H$..9 .H#..9 .H!..9 .K%..9 .YQ!..9 ..9!.9 .K%..9 .K ..9 .K...9 .K"..9 .Rich.9 .........PE..d...ks.a.........." .....$...................................................p............`.............................................H...........`......0+...............P......Hf..T....................h..(....f..8............@...............................text...\".......$.................. ..`.rdata.......@.......(..............@..@.data...............................@....pdata..............................@..@.dbld0..0)... ...*..................`..h.reloc.......P......................@..@.rsrc........`......................@..@........................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-8V501.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):412344
    Entropy (8bit):6.5560909331427615
    Encrypted:false
    SSDEEP:
    MD5:952CC0EC8FC0413F6F3D5BCC428A1131
    SHA1:C10BF96465E6711FF5163EEFCA8244886B6B56EB
    SHA-256:C19C617A2ED0F4FA42EC952D1644D03B31F53F5A2D17EFA8B52833BA132C11BB
    SHA-512:5FAAFF79F07B41B3B551AA3DEFED9AA5F3DF312E4EF7ED632586FEE82AF9772DA90F3A840573C69958555013C60C043B2B12615292282C20C729727C7508C1DA
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........FJ..J..J..C...Z......B......N......S......L.....K.....M......E..J..G.....;.....K...|.K.....K..RichJ..................PE..d.....a.........." .....N..........\N...............................................G....`..........................................g..H....g..|....p......0...T<...0.......`...... ...T.......................(.......8............`...............................text....M.......N.................. ..`.rdata..N)...`...*...R..............@..@.data....5...........|..............@....pdata..T<.......>..................@..@.dbld0...G.......H..................`..h.reloc.......`......................@..@.rsrc........p.......*..............@..@........................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-919DS.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11784
    Entropy (8bit):6.735551720765207
    Encrypted:false
    SSDEEP:
    MD5:6B8FD9123E59B177DF25262DD5ED30CE
    SHA1:D873C7140B02865A83AAFC134942FD00491AF0FC
    SHA-256:0FADE5F5F83D687C8C8F4F48C5DDABFFCD602AE663A056C234FEAA7CE80EBF13
    SHA-512:68E2A57B24990D02B61510242639C0F42C675B93E49E52E1BE12295399DCCBF37433B3A0B7A04147E16098980BB7EF5CA3A32972F87E9D73B83AF4431F0B8F9D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....~.s.........." .........................................................0.......p....`.........................................`...t............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-91AV8.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):367416
    Entropy (8bit):6.551473929487034
    Encrypted:false
    SSDEEP:
    MD5:04B590DBBB45472D7ED2C169F58ED066
    SHA1:510DBAB046C761D53DB831B4609722913803A608
    SHA-256:3EDA583DE6740CF90D830FFEBC6103704C249687453B9A37E3B08958A4940884
    SHA-512:84142718F459DE486FFCD2F70B80CE1DB3D900382B31FF4C7028FC97E7346691F24DB641C9071B4FF7CABDCEEBB21E5FBABD643AD428E79BBFB1C15D42D24395
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+C.3o".`o".`o".`fZ+`a".`=W.ag".`=W.ak".`=W.au".`=W.ai".`.P.af".`.P.al".`.P.af".`o".`.".`.W.aI".`.W.an".`.WG`n".`.W.an".`Richo".`................PE..d......c.........." .........j......,=...............................................8....`............................................H...................0k...6...r..8)......x.......T.......................(...`...8...............p............................text............................... ..`.rdata..............................@..@.data....0.......$..................@....pdata...6... ...8..................@..@.dbld0...B...`...D..."..............`..h.reloc..x............f..............@..@.rsrc................l..............@..@........................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-9KKRG.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):64528
    Entropy (8bit):5.5436166311209165
    Encrypted:false
    SSDEEP:
    MD5:25714A7D24E8D75B240A618668BF55C6
    SHA1:D54573065A5B21CFBBF3FB9F07B172FC22B4C2DC
    SHA-256:41B7A63FE1FE274F3B7C74A75602BFDF91528E01FACC014F5C6FDA7322B54DE3
    SHA-512:6532080A54350492774D806A6B9F799CA5817067E999CCC901BA5D7949E89CF24B7A50999646D9E71023EEAAFECC859E46F9A1B1F4322C5CAA14CD70FCDA60E4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......F.........." ......................................................................`.........................................0...T................................"..............T............................................................................rdata..............................@..@.rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-9POKC.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.765608975482933
    Encrypted:false
    SSDEEP:
    MD5:0D21E7CFA8473CC576D6C19918FAE61A
    SHA1:854A27CBE0EC1475E2D1ACAE0A818CE1A10E7C01
    SHA-256:E550191E99C4557F3E6E79C705FD3C060211116DB6B428D07308D88CB22456FD
    SHA-512:3C2C7A0794CDA11A2725B046DE35ED071991AB341E7F1544CC2E9C25CA9A51EDAFDA03B8FCA417A83621F486D970DCCE8F7B2B5D04FC93770C14A357723A8FD8
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...."..........." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-9Q97G.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):4781168
    Entropy (8bit):7.490890582419795
    Encrypted:false
    SSDEEP:
    MD5:0ED61628236C34D036D9C94C3A66FD98
    SHA1:40890C1D86FE2B9E4B20A8C92ACA7B992B765FC8
    SHA-256:BDE83AF2484BFD7672F38648F2868DB825B1A2BA225D4C43031405828ED63836
    SHA-512:E6902E7993A53888598116BE261B8D7CAD76E1AFD613DAC0838E4730E459F1A47C7ADEEC1ACB4B80023C05BA41761318ECB19CFD69A41B71A84CE7365D47C8D7
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...........................C......C......C......C......d......e.............j.........]..d......d......d.n....d......Rich...........................PE..d.....%`.........." ................:.2......................................0I.....OPI...`..........................................&......( 0.,.... I.......H..E....H.p.....I.......H.T...................p.-.H.....H.8.............3..............................text............................... ..`.rdata..`...........................@..@.data....#...@.......*..............@....pdata..0....p.......2..............@..@.dbld0....&.......&..L..............`..h.dbld1..p....p)......().............`..h.reloc........I.......H.............@..@.rsrc........ I.......H.............@..@................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-9V2J4.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):653936
    Entropy (8bit):6.611087114230956
    Encrypted:false
    SSDEEP:
    MD5:E20ABDF10035F1D00C362488CD944A1B
    SHA1:CB825F0B17A66B10852120337EACDB84FD5F377E
    SHA-256:A1BC78B81A683C365126B1237DF1AF10CE19710F4A247921269289965D631985
    SHA-512:878D3A4B732B01F5D24D9186A35620D8EBB07F726EDC30C83F63B2F4F2B8FBEE0A2F86C3B2896B50EB2473346EB45F7C47E386344A8E7C27DAD7BD1669A74DC3
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........O...!...!...!......!.a.%...!.a."...!.a.$...!.a. ...!.F."...!.G.$...!. ...!... ..!.F.$..!.F.!...!.F.....!.F.#...!.Rich..!.................PE..d....R$`.........." ..... ...V...............................................P.......!....`.............................................H.......|....@......0....Y......p.... ..........T.......................(...P...8............0...............................text...z........ .................. ..`.rdata.......0.......$..............@..@.data...XD..........................@....pdata...Y...P...Z..................@..@.dbld0...d.......f...b..............`..h.reloc....... ......................@..@.rsrc........@......................@..@........................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-A3J84.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11784
    Entropy (8bit):6.637816695668706
    Encrypted:false
    SSDEEP:
    MD5:BA410EA6AA0DAF2E629FF207CB6E1C45
    SHA1:F8BD333C8F68033FE979C9CF02DCBD3EB0AAFFDA
    SHA-256:F0694DF2176F57B10E9B879606422339C1BCA6AE6186EDF29F7DBBA80026455B
    SHA-512:3DE00E4133A80AB2652FA29E770B31EC4EE48077EB772B16C0CDBF8BAAC82CF7BD2E14F68B8D83D66B20825E8BEF5A7EBDA0D301043F877E84D312E867FEE5D3
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....~w..........." .........................................................0............`.........................................`...,............ ..................."..............T............................................................................rdata..P...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-A46SK.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):1105720
    Entropy (8bit):6.459507736209464
    Encrypted:false
    SSDEEP:
    MD5:8748D16CAB891C167A264F497CC1FC17
    SHA1:C1C4641D623626A58DDC42D051155908AB0F9A74
    SHA-256:4F709F65BDEC644129FFE16422EFB956AD18C5AADF057EBB1600D4FA0C3203A5
    SHA-512:84D590828EFD6037331C749F81B7171CA2389CE4DCBCFC1A60993C3EB469D54FB45D006DB910EF69ACD7B7530E53E393D9A6EC8DED88B77C82E1F0A993E3BC9F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......6...r..Rr..Rr..R..S}..R..S..R..Sa..R .Sb..R .Sx..R .S"..R..S{..Rr..Ra..RUZ.Rp..RUZ.Rg..R..Ss..R..S...R..Ss..R..bRs..Rr..Rs..R..Ss..RRichr..R................PE..d....8.d.........." ................<........................................`...........`.............................................P.......d....P......0....y......8)...0..D.......T.......................(.......8............ ...............................text............................... ..`.rdata..v.... ......................@..@.data...............................@....pdata...y.......z..................@..@_RDATA..............................@..@.dbld0..............................`..h.reloc..D....0......................@..@.rsrc........P......................@..@........................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-A4G7I.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.749131077064338
    Encrypted:false
    SSDEEP:
    MD5:4D816692877A5B28C7F503AD5454CE50
    SHA1:C77FC150C2D5C35F2A08B8B1B8206A39785CC018
    SHA-256:5DABD35AE32B633322ADDC1F2E1688D4E78363CADC7C7A8EB8F8E92C7D3E1444
    SHA-512:71A4AE0B924DEBF7B51332993EDB33564EBA0887D0F051FAEC9905B3F7C9651737D4DE5E00EFA02E0F4559C6D4B57B4B770BCDCA6DCB894CC70EA3597E09123F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....G............" .........................................................0............`.........................................`...x............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-ACRA5.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):481592
    Entropy (8bit):6.737771043002088
    Encrypted:false
    SSDEEP:
    MD5:5E93E74DE3182113CE768BFC57F37594
    SHA1:2F6F2B7AD8D263AF012E8B430CCAF229F3651B66
    SHA-256:1BEB744E232A03314A33EDCCEFC600CB6696509B4324AE0B00FE4CDB6AAC5936
    SHA-512:E261C32968F56A486D7246E93494AD0629E5B57C15D9E582777C58B17EA6A5DD57FB33D3A6CEA7CAD28C5EA078A3C7D8A4652CF6B54F91CB4186B3078842AE4D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$..........)...z...z...zS..{...zS..{"..zS..{...z...{...z...{...z...{..z...z...z...{...z...{...zS..{...z...zE..z<..{...z<..{...z<.@z...z<..{...zRich...z........................PE..L...Q..c...........!.................N..............................................|.....@.........................`...P.......x....................0..8)...0..(E...~..T............................~..@............................................text............................... ..`CODE..../........................... ..`.rdata..............................@..@.data...............................@...DATA....0...........................@...BSS.................................@....dbld0..0.... ...................... ..`.reloc..(E...0...F..................@..@.rsrc................*..............@..@................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-AGO4M.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.692027910322985
    Encrypted:false
    SSDEEP:
    MD5:1F52092CB4538F17F3EA7D62DB31BE0F
    SHA1:C9282A2D4B603367A6717A9BC3D59D7DA784B967
    SHA-256:876EAB922FFFF0DC4314ABCC212580BA8D3346B45EA2E51930C7CC8D6C5A43EF
    SHA-512:92C785BB1988EA3C61E0D2E031D426EAE87563C56741F82F0240B3BCF463EC733BA25AA1A7A1D776F1C14672266A22A997867C578A91D3B270696ED1DD7C3B21
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....<.........." .........................................................0.......Q....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-AIIPN.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):15672
    Entropy (8bit):6.504400608920869
    Encrypted:false
    SSDEEP:
    MD5:83A1AB90FB677FAAA10EF76D4C18DDF1
    SHA1:8B7837A1C2581F157DC5D147DBA215E92C3F3D30
    SHA-256:BA413CC15F9A13B1FCA48C6B7F90261D5578A6F1B0B2BB8D2AB9D513CFE5F75A
    SHA-512:5135205373B666422F55266241DCEEF0C503705E18D68CF44AA3E49F23F049B15337B5332CDA7CE60837492AC703FB0DAA90F8DFD8EC8CC5C6CE6A62D0EDF222
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....Z%..........." .........................................................@............`.........................................`................0..................8!..............T............................................................................rdata..............................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-B3OT0.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):330120
    Entropy (8bit):5.951872724913285
    Encrypted:false
    SSDEEP:
    MD5:0248B7DF1783F7D15C17139C2A8E5476
    SHA1:F868D77E740F714348582ACA818535472E923E18
    SHA-256:D79236E5EF69F842451FDB1A70C4C51295B01405972E943A624719219EA5F7E8
    SHA-512:7FDA2942A50FB137AB53C61E17B966D01C86D205B26D08B5842327F5C3803F714DFAB855F86B468B2F8ADA8B69DDD3FA8E4DCE896668B1BF28A6C560F7738E76
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................#..............................._..........................O...........Rich............................PE..d......_.........." .........f......P~.......................................0.......7....`A.............................................>..t...,................ .......#..........`...T...............................8............................................text............................... ..`.rdata...v.......x..................@..@.data...(.... ......................@....pdata... ......."..................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-B7FAP.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.740503942817895
    Encrypted:false
    SSDEEP:
    MD5:75ACD46201D7ECC997688909A708ECDC
    SHA1:F756EFB531B24A5EB28EF041D9E4193A62A22BF2
    SHA-256:5E52F65A6DCC3469E2D6C45E13FE740C878DB77099471E2910D996C7767EB9D2
    SHA-512:8DD24FBE9F605BBE3F5A9E02A36BDBFCBEA1F25D79FCF54F0E39324CD625D6034B95D3950CD56ACF7165EEDF7D79040A12BAEDD8B8CF74C6CA060179DEFFE4EF
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0............`.........................................`...\............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-BH3SO.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12816
    Entropy (8bit):6.61889814511829
    Encrypted:false
    SSDEEP:
    MD5:3B5F4563DEFB76CECFB35B871DB3D479
    SHA1:AE9BF3740FA0362015216098331667D6FFFCB046
    SHA-256:85E921A12E229AA58FB3F1697B9D5BFF6B5E5FB6BB26612E63FFAC68095584E6
    SHA-512:F10A32D779113911564F533C872BF1D62956D99236236610982A4C2D00D52497D5A5DB5386E478C909C0FBDF31F19EB26DCC7235CA322629FE77E0572C3F7D98
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....+]..........." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..4...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-BI5Q3.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
    Category:dropped
    Size (bytes):1284208
    Entropy (8bit):6.566123554441605
    Encrypted:false
    SSDEEP:
    MD5:C3676D9CF2F7795E6CD9670C06626B1E
    SHA1:8D2CD4FFDC63E215EFF8B42BAE9C2F0CDCD32956
    SHA-256:0BDDBBAE7995780AA21602222E168B9E7991D8828E4BDA658DE0EC34BF13864F
    SHA-512:68D83B37C99979F36E6DED98EC3E660E699ECE8A9EC8B9063209317E1178F88A064EA117595CE2B2380D58B4491970D0BA7BE9412BE6C7FA41FE1ABBB824CB75
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9x..}...}...}...&q..s...&q.......h..r....h..w...&q..f....k..|....k..~....k..|....h......&q..r...}.......k..K....k..|....kl.|....k..|...Rich}...........PE..d...?y&`.........." ................@...............................................h.....`..........................................&......d'...........p..0........~..p....P......p...T.......................(......8............................................text...>........................... ..`.rdata...k.......l..................@..@.data........@...J...0..............@....pdata...............z..............@..@_RDATA...............$..............@..@.dbld0...............&..............`..h.reloc.......P...0..................@..@.rsrc....p.......r..................@..@........................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-BRS51.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):281400
    Entropy (8bit):6.696621376721421
    Encrypted:false
    SSDEEP:
    MD5:34941DDCE95DACB81F2BE2085FD684D5
    SHA1:AC9E6806F160F8B969A2DCB0C2274FDF430BABC2
    SHA-256:ED7F06021CF8C51E328A0B1C7EA81B70858F85051E1231EC6EDE371287B42913
    SHA-512:6D3E624C8E62D12136A0CCF83F4DC1625FF6C430C9F8AB920ABAF6E9E88BA299EF140601F3C0DBB9EDDF1A369AEFF862B69364B1EA7908F8F6DB298F674CAD2F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........{....o..o..o.Lhl..o.Lhj...o.Lhk..o..ok..o..ol..o..oj..o..o..o..hj..o.Lhn..o..n.X.o.#oj..o.#oo..o.#o...o.#om..o.Rich..o.................PE..L...F}.c...........!.....4...................`............................................@.........................p...P.......x...................."..8)...@..l0..8...T...............................@............`...............................text....Q.......R.................. ..`CODE..../....p.......V.............. ..`.rdata..h|...`...~...8..............@..@.data...l...........................@...DATA....0...........................@...BSS.......... ......................@....dbld0..0....0...................... ..`.reloc..l0...@...2..................@..@.rsrc...............................@..@................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-C26N7.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (GUI) x86-64, for MS Windows
    Category:dropped
    Size (bytes):2830672
    Entropy (8bit):4.000839854887452
    Encrypted:false
    SSDEEP:
    MD5:F431DC21C66E5A92700E678FC94ACD34
    SHA1:8A5092A264B3F11572C78DA9B023982133C71BCB
    SHA-256:65862B007570EC18E552FA11797A30BA5724F83B075FED02ADFA8D147790DA4B
    SHA-512:92A9A87AD4EB4F23B2B8A923387C4C442B3AEDC5319ACE4D011392CA43C25D5FDC7AA1FB7E085ACA1215819C3521D140F460BD99B00C6332BC70F4FE2ABDCB6F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......N.4...Z...Z...Z.......Z...^...Z.X.^...Z.X.Y...Z.X._.+.Z.X.[...Z..[...Z..^...Z..Y...Z.._...Z.._.g.Z...[...Z...[...Z.._.F.Z.....Z..X...Z.Rich..Z.........................PE..d....[.b.........."..........&.................@..............................+.....V9+...`..................................................-........+.....0.*.......+.P)....+.L&......T.......................(.......8............................................text...2........................... ..`.rdata..............................@..@.data........p... ...R..............@....pdata.......0*......r).............@..@.dbld0..4.....*...... *.............`..h.reloc..L&....+..(....*.............@..@.rsrc.........+.......+.............@..@........................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-C7O6K.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):1023792
    Entropy (8bit):6.659645090573674
    Encrypted:false
    SSDEEP:
    MD5:0757B6C67F82593B06FEED98CD3837FA
    SHA1:4D672F6F4580A3B3ACCC19751632492C555B4C40
    SHA-256:84259DCDFF4344AA18D44701CA407C6E041F488D44877403C5E41C5467A1027B
    SHA-512:308A6A2E3072553E5A80FF57727EF1386C3CD348FF2659067F51D43DB7C38F94B2007235ED4D523D25D07A66F30BD2C66CFBA8794EDD57BD856DDB7660BECE7B
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........v...........................................k.......j.......k......k......!.............N......N......N......N......Rich...........PE..d......c.........." ......... ......`................................................x....`.............................................H.......|...........0K..L....v..0)..........h...T.......................(.......8...............P............................text............................... ..`.rdata...d.......f..................@..@.data...`V...P.......0..............@....pdata..L............L..............@..@.dbld0..|....@......................`..h.reloc...............Z..............@..@.rsrc................p..............@..@................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-CD182.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11784
    Entropy (8bit):6.643884463742571
    Encrypted:false
    SSDEEP:
    MD5:CE4FA9B6076007756515717B711AF9D4
    SHA1:7AE7A19EDC7018696786C5CF793372DE3A7FD836
    SHA-256:412334E6F0F829A18EA31A06F380D3810C83292BD0691FBE8588BDFC07DD3A20
    SHA-512:62A9987289DAB6227391B9D5D02D3BAA23F2119B4CA59160759C7D7AB9D83016477DCC75DBF4CAC8D64BBD478AA0B53C791E01FFBFE8E1ED565A641BBC3BD668
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...>G.j.........." .........................................................0............`.........................................`...`............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-CK4LU.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):724280
    Entropy (8bit):6.404846391012596
    Encrypted:false
    SSDEEP:
    MD5:758F7E9CB60C403DB66B91E1F74A0915
    SHA1:813114F6A539B8668FA15F72CE279D9A15F71E8D
    SHA-256:5E67AB1F2D27AAEFD8C7956EBED864CFE4BA773C728CF390F1F2B22C51788930
    SHA-512:8A5B1EEB736588E3A9E9DA8478F07BBC2A57A21D0BD77EECBA84885B92A39F32E8AE844B1BABA5540196C87CDBC1390E61FAD3EAA925D548482F631E60A38A38
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......,..Tht..ht..ht..a.}.|t..:...`t..:...lt..:...nt..:...wt......gt..ht...u..O...jt..O...}t......it.......t......it......it..hty.it......it..Richht..........................PE..d...%.ee.........." .....r...8.......l.......................................`......$.....`..........................................d..H....d..h....P......0....X......8)...0..\...p...T.......................(......8............................................text...Jq.......r.................. ..`.rdata...............v..............@..@.data................p..............@....pdata...X...`...Z..................@..@.dbld0...d.......f...d..............`..h.reloc..\....0......................@..@.rsrc........P......................@..@................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-D55QV.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):186248
    Entropy (8bit):6.51645164342066
    Encrypted:false
    SSDEEP:
    MD5:5338E18979B5DBC62235AAB52307B820
    SHA1:39F1E5D294AE25ADBDA517F07ED536040591E50B
    SHA-256:046739D24A8253914EA8048E2C136CBBA668E62FE5284CC0FF5DB5F350B9DA2C
    SHA-512:A9728E82F7F212D5D1D57849F0C84DBED1BF1A1CD7A373D1BBE4AF276E20C9225282685FA75E28FE2918F4F293D1C1D2564ACEDE4D5A03C99522EC3D0E4AFEA4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........}. ...s...s...s..Vs...s.d*s...s.m.r...s.m.r...s...s...s.m.r...s.m.r...s.m.r...s.mFs...s.m.r...sRich...s................PE..d...,.._.........." ......................................................................`A.............................................................................#...........K..T........................... L..8...............P............................text............................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-D8QQL.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.6847116792611345
    Encrypted:false
    SSDEEP:
    MD5:F98D5380051D2EC7680DA332834CB378
    SHA1:EB45374207416FE744289BB7222B7F6A97F5FC80
    SHA-256:F9326FB6849C957522E9FD5933C96FD49EF7E45A6780EA427E23FF8692417BDA
    SHA-512:72A5B1A699DAA0EAE14B261FC0ADFC858E3E2AAD2F40923286D229F711EAB10A117023B510D8BDC26E5D5300FCEB3A270C436E75F7DF03FC1D148581B19A3068
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....B.........." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-DG9B3.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):159928
    Entropy (8bit):6.446995515076236
    Encrypted:false
    SSDEEP:
    MD5:4396AB46F8AB2C31E0B165BCE195B2D4
    SHA1:4E64F14E1D5FF843DB9F67C37076EFCE9209AAC3
    SHA-256:5747D27844146866F132D7628C051A4BCB64F252A9082723C3C5B3D022078D33
    SHA-512:87980D64CD36CF045B181BE6804682B9E1E9AC31EEB5D1A3B4F2A757B0E936566E2DB066D67EBBA32C5A88B3EE1220D872A8DA9A6B4DB4AD08AB9DDE234585E7
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............|...|...|.......|.$.x...|.$.....|.$.y...|.$.}...|.......|...y...|...}...|...}.(.|...y...|...|...|.......|...~...|.Rich..|.................PE..d...Pp;a.........." .....l...............................................................`.................................................H...............0k..D....V..........P...H...T.......................(.......8............................................text...Wk.......l.................. ..`.rdata...............p..............@..@.data....+..........................@....pdata..D....@......................@..@.dbld0..t$...`...&... ..............`..h.reloc..P............F..............@..@.rsrc................P..............@..@........................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-DI3QD.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.671136251065646
    Encrypted:false
    SSDEEP:
    MD5:9627929A5BA49AF73FD481E7D9E17CF7
    SHA1:BE63D57A94869A927BA1653DFE1FE07B670B95FF
    SHA-256:D4AB0F07801AC45BEDCDAE1867E9B5949671B420AF2F43C50959EBF0CC70C44C
    SHA-512:6E74C577B45D77685295128B408D6203399E72BF35BBD3D922459DC41AFBCC0F19D445265C1B89E1DDD8E46E2426A23B6E1B55A368D502ED6A7615264A79FC47
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...2.#X.........." .........................................................0.......I....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-DJ7QD.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.6904182771456515
    Encrypted:false
    SSDEEP:
    MD5:738A58DE644D954376AD142D4BED92F6
    SHA1:ACB5A9315ACB6406D65BFB6FDFFEBB17AE8C3F6D
    SHA-256:DAF41A5C18D51FE7B1C646C4C0915E910A44BA6F82D51FCCF81DA4BCE984C235
    SHA-512:5CA5EB71F478D10FBFEC1F0B28F81FC02D72462E0FEBAD7BE125509FA7590E457728CB143E29EF1A78B457C8177335385023AD421B8C71A5CFFDB6A3512F088E
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...`G6..........." .........................................................0......l.....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-DMHK4.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.759930506986729
    Encrypted:false
    SSDEEP:
    MD5:FC7259A39B375E233D8CF57A7F71132C
    SHA1:E644EF8922CCE4E2904E9072B82980FFAD1BBE94
    SHA-256:66859C6F684A4218C0BFFB0635CEB057EF076EC81F187912C3D3587983F98BE4
    SHA-512:A5F24A0F2202E7C0A5AF4AF7D13BE9063ADFD76DF61B195AD1B0DA35F3A2A465590E128DF8DFEC396A0ADA154B9191AA42D358877BF8AF80C497537C6EAD423E
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0.......M....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-DUU0T.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.683294699636584
    Encrypted:false
    SSDEEP:
    MD5:7A6174498D8B6DBE4F02125894AFD251
    SHA1:2DAAF8300419506BFF41EB8AB3BFCB531EED773C
    SHA-256:6C6942C16D814DD877568D61BE3520D7F54BD88750E96F1F778E3EAC88332FB7
    SHA-512:28A513D8CC07CBC78528D1C61C641223D3427E2F799C800990E4AB7A6270C3A3F3ED96FB8082B48A144AEFE6345B04706DAE90722E0BC79D41903EF305F37AFF
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...Z..8.........." .........................................................0......".....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-E4NUM.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.680209244932901
    Encrypted:false
    SSDEEP:
    MD5:C990BF591E31C39C1DA71A6FAC6F3320
    SHA1:177D63F4EF6F88FCE36C0683305824CD388A435D
    SHA-256:2EAD6564F34CC1AB2C753DEEA2E18DF2F29F45D8A46E1ECB735832910E45001E
    SHA-512:3C327EB3A2F6C247F3006B3AA69505E116D15795FABA6BBB3C3D1D48095293FACAE4FB86FBD65477B9AC432971207B45E0601A44D774A6752462A0E307BCCFD5
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...~............." .........................................................0......Y.....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-EG0JV.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):675640
    Entropy (8bit):6.625257464463376
    Encrypted:false
    SSDEEP:
    MD5:A8E0EBB5FB5644725C3AFD55CFF3D8FC
    SHA1:1D2B793B77633BFFBC916107838F1B0BDF9315CE
    SHA-256:1C4C1CA2B64EA0F4FDA3E074D8CA135A9A581EF276B79869F4BB568F7A88D987
    SHA-512:6A42B1B11E27C05EF06E9E28E5EDE2EDBD85C22A6CA3D917451991B3549900D8EEC0D585429C071B587853FA4742A7AB49CBCD7CCD1EDF7A3689FB411ED7785A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........|n{Z..(Z..(Z..(Se.(L..(.h.)R..(.h.)^..(.h.)C..(.h.)\..(.o.)W..(.o.)[..(.o.)y..(.o.)W..(Z..(m..(.h.)...(.h.)[..(.h.([..(.h.)[..(RichZ..(........................PE..d......c.........." .........8.......$...............................................5....`.........................................@#.......#..|...........0...8X...&..8)...p.......J..T....................L..(....K..8............................................text...W........................... ..`.rdata.............................@..@.data....J...P.......6..............@....pdata..8X.......Z...P..............@..@.dbld0..hc.......d..................`..h.reloc.......p......................@..@.rsrc................ ..............@..@........................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-EN56H.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12304
    Entropy (8bit):6.655934512727509
    Encrypted:false
    SSDEEP:
    MD5:6258AA27FF031959451EEA40244C7169
    SHA1:128DD82A719F10A24C3CFD460B42096B304ECF1B
    SHA-256:E5D0CE32CBD2AE6EF326253ECA224ACEEBA9F2AB07410548F5431EC939BBE784
    SHA-512:1A61037219003842E3F7F5CC22D17635B65A8AAB09615E44661BDF9E38033C160595DCECDE308EF0692EB4CEF82CB157D820EAB69E98748F50D93139109ED027
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....-.Y.........." .........................................................0......G.....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-EOEQ4.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):15376
    Entropy (8bit):6.562006648102604
    Encrypted:false
    SSDEEP:
    MD5:F753699EA5569C33BF9ABD2D766445C1
    SHA1:43BA6C336CDBED435A73137201F7EC1C8A9E25B2
    SHA-256:EEB1780941F9E74C8F7E176D42B4DF1AE8AE27BDA5C6C2F569EC64200D3F1C88
    SHA-512:5DCFD22BF1D504157390B9B90D45E61D3407DBB6DCB65B1B363C06C027A8CF74FA1533DC479B422EECDA070032B9AF7B24893372E0D2B69D4E6F0D6C20A1CF18
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................@.......W....`.........................................`................0..................."..............T............................................................................rdata..(...........................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-EP3EK.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.677390628898293
    Encrypted:false
    SSDEEP:
    MD5:1D26AC129975D511B63525683B9AF2FF
    SHA1:DC27DF3BEAEB5CD34A68D469AE153498FCE6F51A
    SHA-256:4ABD54A6E8FC704BFBC40B99C1A41FB73D389BF6F82C90380A098AD901CD2B94
    SHA-512:C5BF1C0EB3C30509B17621E3D17CAC4B623075AEDF02ACE073AF3858A42FA4299E344B313DE3A652EAD6C9ECC97C2CF9D3D4587ADEDC23BD3451E4DCBC6117E7
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...O..+.........." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-F090J.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):585096
    Entropy (8bit):6.434791126944014
    Encrypted:false
    SSDEEP:
    MD5:5CDE3AED10412762E83B7FE43694A22B
    SHA1:4FFCDF063EAFC901105836C27A634530EA614755
    SHA-256:10DDFF48D704C6007E4C2D53FB4856B5E5E79479503366236246A323AAA76E9D
    SHA-512:FCD7BC262E7BBCBBAC9258E31B8D62EFB2E601AC1FFFAC4C86819C8F2AED26FC19403D992A57D48EC92752B2A0A8B04E8204423D6077C7800EA4015F016FAA23
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................Z.J.....6.......$...P.....P.....P.....P.......P.....P.Z...P.....Rich..........PE..d...'.._.........." .....D..........`'....................................... ......O.....`A........................................p}..h....W..,...............X;.......#......P...x...T...........................@...8............`.. ....y..@....................text...,C.......D.................. ..`.rdata.......`.......H..............@..@.data...H;...p...$...V..............@....pdata..X;.......<...z..............@..@.didat..h...........................@....rsrc...............................@..@.reloc..P...........................@..B........................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-F3DLB.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):15888
    Entropy (8bit):6.599177381829281
    Encrypted:false
    SSDEEP:
    MD5:6FBB98A69919D9861460A168FC189224
    SHA1:6D0830146AF97DBCE9D424964E819E920DAE7DB5
    SHA-256:A1B36C903A0CDA601AAA5060B0C348CEAEB577D3F052B4B21E664F2898E40C3F
    SHA-512:F1B728D3F5B728D24337A0C92521964F11E26AD4264DC9A24886A425A96916A8055C4847A07C5CA05925FCA504AFFE86BEFEB83075CDD577D472702041C3DA79
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...QM............" .........................................................@......y5....`.........................................`................0..................."..............T............................................................................rdata..............................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-F5AV1.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12304
    Entropy (8bit):6.611280078045226
    Encrypted:false
    SSDEEP:
    MD5:8786314584FDFE3FEDF85EAA7EB5C008
    SHA1:918CE4C53463092C1B90A62BEF36C5B1BD6D56C4
    SHA-256:95ED852901E3F0384334A8363F97FAFA0004B97A9D7B3E0175100B9ACD1D4166
    SHA-512:43E4C44DF4B1231D3C1A2E6D9678E7CC0152D497ADF36E0C464B92530D2358FA303B90EFCC5E35ED9D789ED3D1ABB71BDAA1EC68C2B68FF41DA82613ACFF1620
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...._............" .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-FAMCK.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11272
    Entropy (8bit):6.761967991668597
    Encrypted:false
    SSDEEP:
    MD5:8F1D6065BE20BCC5E999EDE6D1ABE51F
    SHA1:BEFD3F6A034E470DC25E9C7D34BB705376118830
    SHA-256:EC687B33976033C12705B07AB25171652D9020B8E001DD7847307D4061C04DF4
    SHA-512:8A80495759F316C790D16F0861E860084B9A349339038E64BC463F28F53BD66BBC9B73DEADB91CF85CFED55A2D597E48C4BBDAF1EE71BD2E1F4959CD32A6EB8E
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0.......+....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-FLHH1.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12304
    Entropy (8bit):6.694330346168219
    Encrypted:false
    SSDEEP:
    MD5:24C9068F050F7511DC952E9B7DDD25FB
    SHA1:852DA2061771C52D734C8E006445492C1D722B4F
    SHA-256:5C466DABDF75D4C3841C9F958740FD6BE52218C7AD48B3E0A5B7816CF468F3D0
    SHA-512:EB64B6D4231816A64D19985B53DC2DAA38995B641B0DE4DC4F36FFE46B18513664544EA03470E92E616474B6CBF08D84F4C660296AEFE9780CD3F859CC05693F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-FMBU4.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.6738829689000205
    Encrypted:false
    SSDEEP:
    MD5:8FDB305BDD488CD8209DB0F1DD1C385A
    SHA1:F7B7554AF9A0F9F164E9C5AC3744FC0C550FF358
    SHA-256:7F45493459B58AE2074F604F4DFFD35A0DBC0CE1EE7D110035B7B9DC6D84A9F1
    SHA-512:9BF20B3CECDE305AC0DCB4381C946520E881F7894D29E084A40BC3BCB14166552343471D2C5D987CFCEAD27701B7196CFB1F37002FC1323B79FD83F504BDB22B
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d..............." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-FTTDO.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):16400
    Entropy (8bit):6.462937749825311
    Encrypted:false
    SSDEEP:
    MD5:AFD2D84FB1CDD0C03EE2888CE4FADAFC
    SHA1:C2EBE9EDE75C0956F7D8431B0EA345672132A2D3
    SHA-256:26CE526A30CEB11AAD52B71AA4F3EA65AFE2FD6987AB517B7E86823687BE6D2C
    SHA-512:DEA9F4737881C4CE5591EBE9875E0981DC360DF56505D8CD9204FB15C08FC84C1B634957540A22B11C222A11F1C99A2B401DA50E55C8964C91262B186C030410
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...9..b.........." .........................................................@......./....`.........................................0...4............0..................."..............T............................................................................rdata..d...........................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-G4AKA.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12304
    Entropy (8bit):6.637201024386904
    Encrypted:false
    SSDEEP:
    MD5:C825E9272B712E2A1B5A5AB40496FBEB
    SHA1:BBE49DD42FD7AE672C8093F946C83955F362893B
    SHA-256:C13FFB664D7D3826E65971403178ADB9B7AE90DE0A7AADD7166E842E9E69245C
    SHA-512:4EF5F79219F27F24F353B1016BA5E798ECAD61C83115364700244DE859C9D5DFB415AD640536A6194549726D25B2335DDEF613A0168C62081D24DAEFC19EF36A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......a.........." .........................................................0.......b....`.........................................`...X............ ..................."..............T............................................................................rdata..|...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-G54TJ.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.667583098576836
    Encrypted:false
    SSDEEP:
    MD5:A62B72F523792F2844794AE3B376FC86
    SHA1:16377BEB178E4E3D898C3CD1A39147FCD862D661
    SHA-256:B6AA2F51B31C16D7C4474F6C42F16761C4C898A242CF91E93BEDD82A41F7CA1B
    SHA-512:99A93921C91FF5F61D367FE244EFC0D53BA5A495B8D8C1B648CD52CEC772FD61DC734EF423D060C7D34E2FD3B6408FA3CA8154B0960A10F47962414559586DC6
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...*............." .........................................................0.......,....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-GQHVJ.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):235192
    Entropy (8bit):6.578418057469845
    Encrypted:false
    SSDEEP:
    MD5:D2AF8AB2B031AF80DC0D45E2905BDAD4
    SHA1:0242B2DC36706293C9ABE90DF1CD27F8DC99BF72
    SHA-256:C87008230971A094392254B6DD3648FF8FAE272CF85F6EB5973E7BF5918F8830
    SHA-512:BCF2EFDB1EC7361A07B087C3A7E678230A982F60615FE86B4C4DA0560DDD2E7B0917176B50437AD4D88787805718FE4EDF6F6FCDA1E71ECED2A62BE47E227DC5
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........#..lM..lM..lM......lM.v.I..lM.v.N..lM.v.H..lM.v.L..lM.P.H..lM..K..lM..L..lM..lL.+lM.Q.H..lM.Q.M..lM.Q....lM.Q.O..lM.Rich.lM.................PE..d......a.........." .....x...........:....................................................`.........................................P...H.......@...........0.... ...|..........`......T.......................(...@...8...............P............................text....w.......x.................. ..`.rdata..............|..............@..@.data...x....@......................@....pdata... ...P..."...$..............@..@.dbld0...+.......,...F..............`..h.reloc..`............r..............@..@.rsrc................v..............@..@........................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-GS9C6.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.616228745530818
    Encrypted:false
    SSDEEP:
    MD5:F44C562F058C83CF98CB51A65410B5B9
    SHA1:CB633F131891380B8B5FFA87B332337FB24C5EBC
    SHA-256:89C3B43B4BF37D04253A8D565F055A29BBC0D84A473646D4F0787C96DE90FAE8
    SHA-512:6D52E929DA91A95E7CDE24EBF4E2326356442E3F10296DF8FB3F975C6EFAE3201605F95B413F827450D16BC14105CA2E6B1D9ECB45B944BCF72E1689039EBFB5
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....Ab.........." .........................................................0.......Q....`.........................................`................ ..................."..............T............................................................................rdata..4...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-H1A10.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.675833389239754
    Encrypted:false
    SSDEEP:
    MD5:5FF6D0C6F5E3075D3783B7D3B5AE62C4
    SHA1:CAC5BA2A96EE6427423AB7DF369E1DAF72194E48
    SHA-256:3AEDC0BFA5FA0FDFC50B3C7E2AF0F55EEBCBCF23388D0BB2067DACC5FE77F1FD
    SHA-512:C534DF23764C16FBFC7B38B85AB16C0EBE2FC8B23C218E7A681C003931F2A77F94BD2DAAE17995EEC5B5FA54550D4B330855E23F2EA1585592C800FC60C00D69
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-H2KBE.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.755332125894618
    Encrypted:false
    SSDEEP:
    MD5:526C026CD40AD18CB9377B30D80BD550
    SHA1:C0F108BBB43128ED7BC3C0BBFC1607DC0F564CC8
    SHA-256:987D2D81CDBD35B7615A3E0A90FD049AB32583BC7FBBB27833B89068CF870BD4
    SHA-512:A5BA8015559E5E8B06E29284FAA585126862851224F28E632A4750A5AFBCC713831A30EA7156E1EF7A83274FB4ED6AD53C712462D573CFCCF28AF304304C215D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...Ki.|.........." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-H8NKL.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.694275061804419
    Encrypted:false
    SSDEEP:
    MD5:C2D02214DF98716DC7E22BFF6BA4D67E
    SHA1:C110B555383C23CF13328A1B48126F73FCDDBBC7
    SHA-256:19EDD50A7D9CD3492642DDA41AA97533D8A726DF36043D4E307A97BAC01212A2
    SHA-512:4CD3C719B220D0066F94A75F4D920CB13B60EBAE3A93938DECE7C24D14251AAD13580E2DF68C54D29694D466FBA850FDC1A6E3EC999D7D5BAC53812FCF5BFFAA
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...&ny..........." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata.. ...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-HAU0N.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):798392
    Entropy (8bit):6.618401639558601
    Encrypted:false
    SSDEEP:
    MD5:5DFC7AA9BF8E5D19357CD8593166BE0A
    SHA1:004212D2EDA3F1CE520A1F66CD70C4DF886275B4
    SHA-256:7BC5089632D3E1F96F0977D499A338FC5576A04EC6212792C305814F5D6794CC
    SHA-512:9B2165590CEF6B65076CC8093A7C673D496D4E8F488E37EB62C3C4446EE153924B1C9C181750E0F5972F672E154B841A384E4BA9123F20BA4E3479238A24D5DE
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........H..............V.............................................6.......7..................._...6.......6.......6.:.....6.......Rich............PE..d....2.a.........." .....v...................................................`......c.....`.............................................8.......h....P......0...hy...........@.......'..T....................)..(...0(..8............................................text....t.......v.................. ..`.rdata...v.......x...z..............@..@.data...............................@....pdata..hy...0...z..................@..@.dbld0...............~..............`..h.reloc.......@......................@..@.rsrc........P......................@..@........................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-HB8HP.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11784
    Entropy (8bit):6.643455137102238
    Encrypted:false
    SSDEEP:
    MD5:D0842AC13C33E2287D8ADFB16BC83E7A
    SHA1:68CFD86A437BD755C2F06E59FD2BA87026D9BEC1
    SHA-256:79F0CCFEC37C99A53FA333C95ADF94420765366D040EEA78A76C545C89708FF6
    SHA-512:88A5E680ED5E42452D0B7F638327BC38E88AF835ADA391A11C44C43FAEBEE040D9D30227DBA12231ED4FFA0C8FD3CB461F5A682D48E40A9C29EC410F069CA346
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0......o.....`.........................................`...L............ ..................."..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-HBD7J.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):13352
    Entropy (8bit):6.709988606255274
    Encrypted:false
    SSDEEP:
    MD5:B2ACE524A1A6192C76143529117D8B97
    SHA1:0AB2CA1AC8ECE59F3F129C6DB78680907BB93F8C
    SHA-256:54004C150C6C5E0C0B9362548E0307F2617A27B8AD8233A5DEA1AC9F5D15C26D
    SHA-512:C21376063D886E3BB39B42B44577BB90226AE5FEFFD3FA2E6FDC9ABDD1C6612436134D62D0253FF601F4A65CCB06F3C5D164107284815AF1165B791615936FD3
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......C.........." .........................................................0.......}....`.........................................`................ ..................("..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-HFR2O.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11816
    Entropy (8bit):6.735732791725763
    Encrypted:false
    SSDEEP:
    MD5:8ED77A8254259FBD066B7419DFBBC769
    SHA1:77EB9A397E8BE1FA5C620ED06B9727891574FBD3
    SHA-256:DE5857706C906DA8B6B0B70DEC5162F56A44A61A3E1086FE1445888757DB4545
    SHA-512:FA70A504B5D5E1E79C2C97946B1C6D7F31B93AD8956CC7DD495FC5E92CF564B7637C37E518B37BB2CD1C23116DE8D20538D8E4D73A79DF27F88E2A297C624246
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...(..r.........." .........................................................0......u.....`.........................................`...h............ ..................("..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-HQTIK.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12808
    Entropy (8bit):6.716239970535295
    Encrypted:false
    SSDEEP:
    MD5:88154EC235F2F0875C782048D5028F9B
    SHA1:11C59E52CA11B7651A1E3893ACCC11A33814FACB
    SHA-256:62B7169B5611634140E36556A6B5AA97B61B55F27489A71532BB99EF5263CD79
    SHA-512:F2F9FB5395F351645C4E171587EA94FD369BB10CE742E34F5B96CCA140D4CECE162753B8ED59A5380562470BA56D6D2827B278A4CAE675C9A03E2F5EFB291792
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...D..T.........." .........................................................0......66....`.........................................`...|............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-HV2M7.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):13832
    Entropy (8bit):6.581444961199179
    Encrypted:false
    SSDEEP:
    MD5:0C07D7A92F32D079E630C72FFCB34860
    SHA1:754AEE5A438815348672411A7A807C0347524004
    SHA-256:4334AA8029D99A792D15F083D58CC64A75844B9BADF483DE810620C0A4B49278
    SHA-512:FD1B34D2F21997FBCB52C7985FA067F21ACECEF48927C88AE3259CD5A2F50EB6B602E0678C83413BEA01BC020BD00749462EE0E4D8C52D734ACD23A32A4CB0F8
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....5.%.........." .........................................................0............`.........................................`...x............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-I85L4.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12304
    Entropy (8bit):6.701794840167942
    Encrypted:false
    SSDEEP:
    MD5:54A1DED1160D8E7A02307B63C191E42E
    SHA1:BE3DE75C0FCC802D2CFCB759288313ABCFFD2EB9
    SHA-256:ACC5C813E40E55C5C242057AB15F3D9049850D7345D8509F7044BC905DD3AA3A
    SHA-512:41A1ED1393857B38137CCC91C5519DBF2D054826515F321F2CBB86A21D7086AD5098FE6A2DA9173F32B8D7FCC41A893C742DA0FDA99F8BA179254CD2097C59A0
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...+P............" .........................................................0......".....`.........................................0...e............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-ICFPN.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):824120
    Entropy (8bit):6.628171902179665
    Encrypted:false
    SSDEEP:
    MD5:44DE7324322A0BE218C4B8BECA4C936B
    SHA1:F12DB9AE93852DBE960938640EC3E8B0B7B241B4
    SHA-256:1154EF1E85E292FD362DDE93123934E8E92BF4DDA71B7B5AC214AF0FF3872B1D
    SHA-512:64A04CB0150C974773A38E2F62D17CB8AA10E2F7AD6866256D9FB411F07826F449A3F61AF4BE81A66E15639B6E441BC059778915BE80D4D1C8D5761203DB04B3
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........k...8...8...8.|8...8...9...8...9...8...9...8...9...8...9...8...9...8...8I..8...9...8...9j..8...9...8...8...8..x8...8...9...8Rich...8........................PE..d...k ne.........." .....B...........r...................................................`..........................................<..<...L<..............0K...i...j..8)..........P$..T....................&..(....$..8............`..@............................text...l@.......B.................. ..`.rdata.......`.......F..............@..@.data...PR...p.......T..............@....pdata...i.......j...p..............@..@.dbld0...t...@...v..................`..h.reloc...............P..............@..@.rsrc................d..............@..@........................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-ISCLI.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):231736
    Entropy (8bit):6.626632133955588
    Encrypted:false
    SSDEEP:
    MD5:CA909D46294B2A2923CD8C047C5E2017
    SHA1:B4AA99B78D798028DF83B8438ABE237D19BF18BF
    SHA-256:2643B15F154A24CFFA2C1D782BC4A89D93E54795E56ED3648FA108EBA10CC008
    SHA-512:A77BBF7E427CE3B673199C79C78CFFE41B5DBF59F15223A28B59CCD1336C3CBDAED252FBD5A227706C9FA84B6ABB7E2D06C19335D9BAF0F4ACD2B7C86A93C8BC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........=%.|Sv.|Sv.|Sv...v.|Sv..Ww.|Sv..Pw.|Sv..Vw.|Sv..Rw.|SvD.Pw.|SvE.Vw.|SvD.Vw.|Sv..Rw.|Sv.|Rv.|Sva.Vw.|Sva.Sw.|Sva..v.|Sva.Qw.|SvRich.|Sv........................PE..d...P..d.........." .....>...........(...............................................V....`.............................................H...(...............0{... ...`..8)......8.......T.......................(...P...8............P...............................text...j=.......>.................. ..`.rdata..`....P.......B..............@..@.data....)..........................@....pdata... ...@..."..................@..@.dbld0..4+...p...,...&..............`..h.reloc..8............R..............@..@.rsrc................Z..............@..@........................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-J5PQV.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):621168
    Entropy (8bit):6.641750253018426
    Encrypted:false
    SSDEEP:
    MD5:9758A232702EA99F874C9893BF69595D
    SHA1:8CD63B824D6C2B47A54828D3576EB3A288CBE290
    SHA-256:526AF910124D260A2F5E839AB22B8360799A3D9AEDCE84AECDA778E9B42AF062
    SHA-512:7BBBCB924A66F9D5D0EB8D155B434100E67D7E800C002B648726BFDC8548EBDB6BDFABB663DFBAF4D1C2BBD71869955483916102219B972AD6198AB0F868715C
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......FOq....M...M...M.V.M...M._.L...M._.L...M._.L...M._.L...M.\.L...M.\.L...MYF.L...M...M...M.\.LA..M.\.L...M.\.M...M.\.L...MRich...M........................PE..d.....%`.........." .................e............................................../Q....`..........................................m..H...Xm..@...........0;...Q...`..p...........$...T.......................(.......8...............h............................text............................... ..`.rdata..............................@..@.data...x4..........................@....pdata...Q.......R..................@..@.dbld0...]...0...^..................`..h.reloc...............D..............@..@.rsrc................Z..............@..@................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-J9SHO.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:data
    Category:dropped
    Size (bytes):920
    Entropy (8bit):7.735964737703532
    Encrypted:false
    SSDEEP:
    MD5:040E749C32AD12404721071A46418F36
    SHA1:3CD54DD87E0479188E06F1680BC0CDFF81C0B06F
    SHA-256:AB85C22711AEBE188EEDFE8051B6DE63422373EDBDDFB0750EDA57BFCCF87C42
    SHA-512:984C087EE8D7527F45FD80CC76B010C5F5B6C9A5298F88A08D3D8F378CB3431DDC2FDFB63AA349BFC1A9F62C46982D722132D55CE7700D2AF54AE58A65940AF3
    Malicious:false
    Reputation:unknown
    Preview:Ws!?....S................................<%..... `.. .. ..X^K.....[.DD...QeS.Q3.7^..!..:.Z!..^}..n*...o.&.@C....PO..&..`H....-.I..'lk.8.nup...Q..y....#....d.!.M..h.H..&#j_....g....... ...,V.a.q.......n.$.Cw..}...C.._2B.2;T...1.%....h......<..g4..I...e...(.p.y..0dC.,|..<...&....cx.......h>..U.K.....?U.D.%7.R...+ .n2b..../...Qy...|.q.\F8......h.<v4 l.e...3^W.ak.3.}..U.....NZy.........3A...[D.......Bn..M..q........>......$..IA.D|....cM.....5."1.M.%.%..0.n...[.2..j.pg.k...C...;l........mf.1._....]..0...t.%.2.'.{1..........>..c.........[.6..u}.e.......0..c..p...y...f+.M.&.....b..$.>..j.......VK...m.J.-...4m..q..~.w.O[ET...\s7..r.....+..m.........qL ....Cv......&v..q.^A.nxl....}`......Q9..zO.....C.>.+.EN.o..../!nZ.........".k.f..49....m.VKw....A2...N..B....%.....;......z....!...F.m....nT..t.....6z.b(|...@!k.}p...[h;<.`.{{../.E....9.r.=HgO9......l..k..)~..z`....,[.x...E3..-...*.C.

    C:\Program Files\Topaz OFD\Warsaw\is-JAPFR.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12304
    Entropy (8bit):6.694323930940949
    Encrypted:false
    SSDEEP:
    MD5:6C82E6BDC1D0D0746803FADAA0C5FB7C
    SHA1:88211EB2B86D17D343F4AEE7B338882258DE7E5F
    SHA-256:C41EC07B44ED1CA5B4E2A32E31D7D4EA8C31F419F9D6C5795C246D9DCEE35A02
    SHA-512:864ECC4856F235957EA44D84A5A71ACC1E48DF1575A606DC0150A10EFBF889FD312783C1C3E9466D715BE2A09E0DD6197E48197CBD5B82CD7D9E57BE10410995
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....t..........." .........................................................0............`.........................................0...^............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-JAUEN.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):17424
    Entropy (8bit):6.531093953293935
    Encrypted:false
    SSDEEP:
    MD5:1E0F171F06926E625DCE8F058C86A410
    SHA1:F9FF3BF6838008FE137FD64D68BCB6F48754B9D7
    SHA-256:A29AA72CB6A2E0CB7FAC180B28F7BFE0D3166CB2FF56B270A29FEE2EB676A042
    SHA-512:D189D69AE212000078EF059E36AA72972035B8E07E00BF030D96B3A2E4F35A1C5157637BEEA100D0E9B3041A19A5DCA4F545AEF585363027FB650B2357887273
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................@......M.....`.........................................`...L............0..............."..."..............T............................................................................rdata..p...........................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-JNP9A.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12304
    Entropy (8bit):6.61965970021638
    Encrypted:false
    SSDEEP:
    MD5:420323D0E507B86DA548D20B94F3ECAE
    SHA1:9F3876284BF986E627ABD7248E86CD1E1B1ACA42
    SHA-256:4185280EA58EA63579BDC141BB5263DAA42EAF105B8A81E4C7CCE89DBA331957
    SHA-512:AB331A9FAC890E8959218C65B9CF233C8D18573E1DBBB7D798A761131F5FC1F35E448919BD8F2D5A4C0999BEDBFB1BF6E85A7A6C766FCEE8A82211E3589435C7
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...Y.=i.........." .........................................................0......}.....`.........................................`...,............ ..................."..............T............................................................................rdata..P...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-K8UEM.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12296
    Entropy (8bit):6.642971633588889
    Encrypted:false
    SSDEEP:
    MD5:97927B64D4A38E91987FCED5D39D8E79
    SHA1:79834D99237FACABBA6ADD6E8FB083A4607D4B15
    SHA-256:5B19240AA954733C60F56482BE91089E552295292D7A669418E10215C0F7830A
    SHA-512:6A14D66BAB6B16EF443964FB309CC42BA7FCBFC6AE746F91AF0FD748C8FDCCD638F478C807FFDB066061B6B0BD8471700992DC983446E815B4FC9731C08CE454
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...f092.........." .........................................................0......S.....`.........................................`...l............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-KDOHO.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11816
    Entropy (8bit):6.629766593666457
    Encrypted:false
    SSDEEP:
    MD5:7A1610447B0CDE399E1C927256F5920A
    SHA1:3EDD867C835EF700FA08167C0B4BEC03474FFDA4
    SHA-256:80D2A9073FA9062132537424458A3164DF26E2F19C4F280A77386DA24788B3D2
    SHA-512:522A8CB819213A837F46DED31ACB08B028E82B7E9064A96EB87146385D569EC6AFFFFE80512C4CB65D4319498481DDF9B3F7185CA056A9E45C96FC248E4F0D1B
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...L..3.........." .........................................................0...........`.........................................`................ ..................("..............T............................................................................rdata..@...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-KNR3D.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12304
    Entropy (8bit):6.75395390060952
    Encrypted:false
    SSDEEP:
    MD5:B914A0DF66E9BB426A7012EEF0E29445
    SHA1:395CC316DF10DA59BD60CDE097A6CE80B052E936
    SHA-256:7A2278BD9BFCCEC089B5E9EA274EF0C2FA8E580DD86D9D3D9B671960FBC050DC
    SHA-512:46F1559A9DC1D073AFF7E54D40FB0DFBEC855BFBF7CDE24E9831CDBFD37D140961D4622482E53AAE0488CE9B0DF77CF2ABD1FAB1EAC0D27AD310EDA5E37A36A1
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....2~..........." .........................................................0......9.....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-KOOUU.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.671797879979309
    Encrypted:false
    SSDEEP:
    MD5:62CC1C89D8DDC87DF2D8C4B5BCCDD7B2
    SHA1:1B2ECBE48B62D225EBD9A96AFC673106CD1F6126
    SHA-256:84AEA7DF4FCD4DF58CB7F158EF1BF55BD1BF1EE42EB8DC35FBE93F0861EC9E72
    SHA-512:8849F93A4D0AFBB86CEC00E49B1083547725E7285E4788C750CAB472D8D012E28CD3C57E3C6AFB63EDF61CCE5222DF04D93D3DF0A6112AC53134ED9CD23EB650
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...k=~l.........." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-KS05A.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12304
    Entropy (8bit):6.629061323083942
    Encrypted:false
    SSDEEP:
    MD5:67F72D3E24F887DD8331FA812DB18539
    SHA1:B0E19D0B10A7055A02E526DB31F5DCF66B990AF5
    SHA-256:6A86AD9A154138D0160D0DE2C018475935D3CE16FD5FD550AF34BCC386EE636D
    SHA-512:E85E7427A040B1E50840E8E54B243E14F911A108D86C972BB7B6EE16A730AC8E6EA7A5904147D3471DAC8FA7ECE720A1A061541593A11AE2370F2360788614E9
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...q$............" .........................................................0............`.........................................`...D............ ..................."..............T............................................................................rdata..h...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-L47KC.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):792888
    Entropy (8bit):6.756647717428778
    Encrypted:false
    SSDEEP:
    MD5:EDFD1F3FF9E57551AFC50D1477A94F57
    SHA1:CC0BD2E0613057B570726A814120272C72C1DAB7
    SHA-256:B27EADBE44167F79FFB741DDF8AA46E92D5A3E6A281FE763EDE03E92A5C86CBD
    SHA-512:3C2226688CD06AC7C29D5E5F8C94DA519B4EC558A73B9311BBAD9CD85245091C1B2446149785DAA1707B0AFC13A7F05A1B8C642B74A5A76472AA988B7E44C152
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+...o...o...o......|.............w...=...`...=...w...=...&......f...o......o...n......:......n....1.n...o.Y.n......n...Richo...........PE..L......d...........!.....`...................................................p......K.....@..........................#..\...L$..d....`..................8).............T...............................@...............H............................text...K|.......~.................. ..`CODE..../........................... ..`.rdata..P............d..............@..@.data....K...@... ..................@...DATA....0............<..............@...BSS..................P..............@....dbld0..0............X.............. ..`.reloc..............d..............@..@.rsrc........`......................@..@........................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-L4JD0.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):13840
    Entropy (8bit):6.648730319353101
    Encrypted:false
    SSDEEP:
    MD5:2F8C2183E2B408A625202D596C462274
    SHA1:2257532CB2B848167411C41FBFCD2C1403E3FACD
    SHA-256:8263AE785E4041FD038FF58F4F7AB8E013AE63026837C65D98A9F492BC97F880
    SHA-512:51E10E3272F41592AEA9F9531085EA3794D9D99AC92DA214A1EEDB4806F2FD451DEDBC5D306BA6DABFBEC119BB4C947104E35BA20A78DC8210BE40E986A512B5
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....[..........." .........................................................0......0G....`.........................................`...\............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-L8OLS.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):551736
    Entropy (8bit):6.6772912028154
    Encrypted:false
    SSDEEP:
    MD5:2A75570FB226BEB0934DDC05425349C2
    SHA1:A2A37A7569010F3883A03A91C3C820E8E69F0FAD
    SHA-256:035A811017D56A1E81F41E76DFCA66E931210868E01658004595F4E4530E0669
    SHA-512:2F828EF1E6215F3645E1F492303BC96DAF7E843BE0F78D741EB94E840C4A5C1D5C9669C4660ECA0BA046CD485108040D5F5A2943B2D1C3B33508B4028EBE5AAA
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........F.(...(...(.W.+...(.W.-.).(.W.,...(...,...(...+...(...-..(.W.)...(...)..(.@.-...(.@....(.......(.@.*...(.Rich..(.........................PE..L.....d.................x..........O.............@.................................w.....@.....................................(....p...............B..8)... ..,O..Ld..T....................e.......d..@............................................text....w.......x.................. ..`.rdata..RC.......D...|..............@..@.data...............................@....dbld0..P...........................`..`.reloc..,O... ...P..................@..@.rsrc........p.......<..............@..@................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-LEC8A.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):981304
    Entropy (8bit):6.423197536651538
    Encrypted:false
    SSDEEP:
    MD5:EFA72299DB3870D4BD5E10E52424C9C4
    SHA1:9A04CD42E00B5AA13CCB94AAD9E765C3F0535E43
    SHA-256:A517F929835F49A3BBA68209BD2F2ED302B2C31B2BDC050EB20416E27D74B9FC
    SHA-512:3CFA22734E119FF2E4D3E29F5A6C818EF630D161DC07F139F52B5AE20D1F921FAC62D1A27622478DB6D4EC2C17582BC7A7BDFF4196BA17B5FCB7F79013996B72
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$........._...1...1...1.0.2...1.0.4.O.1.0.5...1...5...1...2...1...4...1.0.0...1...0...1...L...1..._...1.'.2...1.'.4...1.'.1...1.'....1......1.'.3...1.Rich..1.........................PE..d.....d.........." .....p...".......;.......................................P......Tt....`.............................................\.......P....@......0....n......8)... ..0....,..T.......................(...`,..8...............h............................text....o.......p.................. ..`.rdata...............t..............@..@.data........0......................@....pdata...n... ...p..................@..@_RDATA...............2..............@..@.dbld0...y.......z...4..............`..h.reloc..0.... ......................@..@.rsrc........@......................@..@................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-LK6MP.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12304
    Entropy (8bit):6.646095065344003
    Encrypted:false
    SSDEEP:
    MD5:404235D46A7B21084DFB80E1E56ECB8E
    SHA1:17012D6235F41EB16B1124F0ECDA77711C3DCE6C
    SHA-256:B52E940ADD1D34582E9935906614FBD97D991107551F5245B144E2E90F68F548
    SHA-512:E8E5869352636840DAE0105BF72B15048EF2A7D5313BF6CBDA163ED863D25471AEFB2411889A1CFBDB8A17A36F4A8E595892BBCAA22193C632BEA3FCA7E22799
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-LPAT3.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (GUI) x86-64, for MS Windows
    Category:dropped
    Size (bytes):124264
    Entropy (8bit):6.2655297243032955
    Encrypted:false
    SSDEEP:
    MD5:01ECAA29A7BCB0136F085C510806F16B
    SHA1:B7CA58DF2E3EA1FE4687CB78F6576D832E834B0C
    SHA-256:EDE6537C7D630DD9A906EEF36F8E71FB980362A4A39C190D07F9393660F743D7
    SHA-512:B72C258EF032CE74358B078C216A5746B284A9A5EB3A14A7350404BA53899BA7D7CC5EB76EC2F39CE8307A407CDF12695CF1AD8DF5F23C89259E4EFAC954A3E6
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........._.n1..n1..n1...5..n1...2..n1...4..n1.4.5..n1.4.2..n1.4.4..n1...0..n1..n0..n1...4..n1.....n1...3..n1.Rich.n1.................PE..d....I.a.........."............................@.....................................s....`.....................................................<...........0...`.......h.......p....g..T...........................0h..8...............x............................text...P........................... ..`.rdata..............................@..@.data................v..............@....pdata..`...........................@..@_RDATA..............................@..@.dbld0..............................`..h.reloc..p...........................@..@.rsrc...............................@..@................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-LS2RM.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12296
    Entropy (8bit):6.600993739439923
    Encrypted:false
    SSDEEP:
    MD5:CD80166720668870FE271DB3A633F897
    SHA1:8A7091BACBF71CDBEBF2AC67CE68119833DB6B5D
    SHA-256:3DE73E2ED94F3D19531583F2C623FAC6BCE469A2DAFB36861A417055639DFCEE
    SHA-512:90A007C2D0132DE5835EDA3D5E89B6C97587217FFB0D0D7D24668BBE8872B1A98DB1C4D13ECECE03D042FAA997628BD73C60ABEBEAC771F1B07CF3FEA3CB55AB
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0...........`.........................................`................ ..................."..............T............................................................................rdata..(...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-LSJ6G.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):36744
    Entropy (8bit):6.338930426001045
    Encrypted:false
    SSDEEP:
    MD5:AB03551E4EF279ABED2D8C4B25F35BB8
    SHA1:09BC7E4E1A8D79EE23C0C9C26B1EA39DE12A550E
    SHA-256:F8BC270449CA6BB6345E88BE3632D465C0A7595197C7954357DC5066ED50AE44
    SHA-512:0E7533B8D7E5019FFD1E73937C1627213711725E88C6D7321588F7FFFE9E1B4EF5C38311548ADBD2C0EE9B407135646593BF1498CBEE92275F4E0A22ACE78909
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$................].l...W................W.....W.....W.....W.....W.|...W.....Rich..........PE..d...&.._.........." .....:...4......pA............................................... ....`A.........................................k......,l..x....................l...#......<...(b..T............................b..8............P..X............................text....9.......:.................. ..`.rdata..@!...P..."...>..............@..@.data... ............`..............@....pdata...............b..............@..@.rsrc................f..............@..@.reloc..<............j..............@..B................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-M3NNI.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12296
    Entropy (8bit):6.704657188755376
    Encrypted:false
    SSDEEP:
    MD5:D906E0E41CF5EE445F02CFF8D27F7451
    SHA1:D11D9D4C8BBC24BF4BC46E9382913816AFC0181E
    SHA-256:3294D1E26238FD6474950B8BAE52CA635B68B05AFCEF3B7C579FA85ECE7C396C
    SHA-512:37FB50E72F8BD6BA5D1ABEF7BEFA0327B4AF00D83397EE9AB5EDB54D33A9100B0617A2C739597EBAE473EF91039373696B900DD7DE47C6FBC88059DB58B31BF6
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....1............" .........................................................0......z0....`.........................................`...8............ ..................."..............T............................................................................rdata..\...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-M4GM5.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.631770592836538
    Encrypted:false
    SSDEEP:
    MD5:20D6AE87762C4E7F413C7C0F0CFBAB88
    SHA1:0544F16AE1720DF68F0DC5A37BC3D72DE82A8475
    SHA-256:BF058145036C11FDB809A9B30993369E5D4FA9588597F877ED61BF634F01BE65
    SHA-512:3E4CFE76EB158BD3DB19CC9B8FC6567A2C0E888DC1D795280E936E2AD702AE82416F75CE02F21584A153FFB2092058D4FD664CB97A5E070DD675EB1E1A7706D6
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...\J............" .........................................................0............`.........................................`...(............ ..................."..............T............................................................................rdata..X...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-MPT1M.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.673489419143386
    Encrypted:false
    SSDEEP:
    MD5:D5194BAE55E0857747269989AF9AC3F4
    SHA1:AD71984AA5E6BDDEA9F575095116540645F2F798
    SHA-256:4A1ED06C0E9DBFCFA008F969583F231D6FA3731232C7ED46AFF8F8C6A74F4B3C
    SHA-512:17B3749604C503649A527BDE981140DB58CCFC99F7D13C30627DF0D67D9272FAEAF565CDCA1CE7E715098095F34C5C76110AA1B0A9C6F97B4C6F13BB8490D23F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......'.........." .........................................................0......p.....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-MPU51.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):351016
    Entropy (8bit):5.969535336504725
    Encrypted:false
    SSDEEP:
    MD5:AE9834AF0F400593E6E3A9D170AC5AD0
    SHA1:EAA3C138CC87DD623A71DBF06F6651304AA08265
    SHA-256:95D61333338505B5532592FEA102869703840BE3412355A466E15DE8503690ED
    SHA-512:9FBA1C458BB350F87BB7C0DBB21A17DA677A93B2E200A27F7F2F92008E82D4FA7E7DCCD11A8C80F5B5255ED70C2A630F11B40535DDE3ADAAFECC829BAC60164B
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......~e.F:...:...:...3|p.*...hq..2...hq..>...hq..<......8....../....v..;....v..8....v......hq..$....v..=...:...~....q..+....q..;....q..;....q..;...Rich:...................PE..d.....cc.........." .....d..........<z....................................................`.........................................0F.......F..............0[...!...2..()..........H...T.......................(.......8...............0............................text....b.......d.................. ..`.rdata..v............h..............@..@.data........p.......N..............@....pdata...!... ..."..................@..@.dbld0...,...P......................`..h.reloc...............&..............@..@.rsrc................,..............@..@................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-NG6HC.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12296
    Entropy (8bit):6.713068172188698
    Encrypted:false
    SSDEEP:
    MD5:7B2CAAFBE6B2C3D6CBF232610DCCC034
    SHA1:ED3F3CB464C779F224729C62ED2A4318F8D0AEFC
    SHA-256:BA0AFA1FADD4429693538AA2E85230EDCCC2E481F80B89666907D108D31BED8C
    SHA-512:E32C3B6F31C9FE31381884AE683178BFFACA4A88F030335A4502DE42432CC014337F5AC2C2ECB726AFEA15CA3F4C52C26D4024ABED1A4187C4773B8C6FF73977
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....Y$..........." .........................................................0............`.........................................`...H............ ..................."..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-NMSAK.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):13320
    Entropy (8bit):6.615643652302492
    Encrypted:false
    SSDEEP:
    MD5:9BA46D3E0AEF8068C5ED63DB9610652A
    SHA1:8097091C67947272F714952DB1B4C8F5CB65C28A
    SHA-256:732794A733D874319FDB08A8792977A23C7FF4075A8F7466BE1B95A991D33D7A
    SHA-512:37DE7AA6F8169A160096FC983E1E9C54409D800A489CEA2E24FB3221F29094CCFB3A81C581A5C9EC4F4F9E051061CB211E1C448E293FD7DFF99C214E7A48CBC4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....|............" .........................................................0............`.........................................`...8............ ..................."..............T............................................................................rdata..\...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-NOFUA.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):3171128
    Entropy (8bit):6.79135837761385
    Encrypted:false
    SSDEEP:
    MD5:30D3F2DCFA561495C0B8C3BF59FB6E1C
    SHA1:6043C9AD85DD4D600A8DE2DEB3D3DB1B534EFABC
    SHA-256:8CA3571913235917D44DCED9D726C424839703CB64D2D782D0ED8B03EB45559D
    SHA-512:0BE2C4DC5763ACCD4A7B527F7EB58C297E1B46527ECE5E05C55FF5384E33A32FC467F965C34C6C632FE71828A878271A2CE8344AC1F407FF19D8399038601998
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......P.<...RU..RU..RU...U..RUF.VT..RUF.QT..RUF.WT..RUF.ST..RU..RU..RU..VT9.RU..QT..RU..WT..RU..WT6.RU..SU+.RU..ST..RU..WTm.RU..RT..RU...U..RU..PT..RURich..RU........PE..d...._.c.........." ......".........,A .......................................0.....#.0...`.........................................0g,......h,.......0.....0....c...:0.8)...@0..q..Pi*.T....................k*.(....i*.8............0"..............................text....."......."................. ..`.rdata..4]...0"..^....".............@..@.data.........,..t...z,.............@....pdata...c...`-..d....,.............@..@.dbld0..Dn.......p...R..............`..h.reloc...q...@0..r..../.............@..@.rsrc.........0......40.............@..@........................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-O735A.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:data
    Category:dropped
    Size (bytes):1272
    Entropy (8bit):7.796773430184955
    Encrypted:false
    SSDEEP:
    MD5:7E2E4D0E323D09ECE011920FB8F79846
    SHA1:732495F032A880EF03AE9FFB85183E1619E9C506
    SHA-256:F23933C16118B6CD1AEDD8C84F71A6844FB86A6B67B45A68397FC950947144BA
    SHA-512:F5A259CD10896F81594778AD86D383A393CC59B71E6DBE7CC4B20FBE88F17236136C8CA11EAEA69334C05228A6F4F543BD8290FA1941DFF16D3729F1E83F3C5B
    Malicious:false
    Reputation:unknown
    Preview:Ws!?....................................3`...... `.. .. ..[WM.....^.AC.!.UmT.Y;.9Q...../..../:..j.6Zx&"....&.@KS.".....P......jJ..R......p..Ce.F5....*..........=.`Arz...=P.s...T....4.y..N.d....Rh..ZQ%.(..Q.).O;..o..S3"h.X....!A.9;..9..<..;.:f.6.../.....m.@.`Z..`... .d.....Y...9@_$7s.;..nELm'.1.B.J.I.q..Av.o.;..{AC.......t\Xfdt.........dM$]."~S.....}G.x....r......Y|}.....A....=....)m..Da3\3..5....W.=.`c..........eT.o........=n....<.N.l....j.|.+...S..e,.....B..O...T..u..t..G|....[P.\....D...%.:BYo....R......EdN..<...si.i....^.T......dnd.......J.m......DW.,q.4E...m.^.;u*.V..8....p\.w.l7...=..^....*tj.e.o@..C..H7...?Y..oiL........`.....4r.rY.?.q....7S.."..d.....o.x...<.nP..."._..;.p......P..,.:"..1s..M.r. ._..W`.+...6.s......!....KEw&X.wc..x...F.b..{.I.\..u.`.6..G.v....g.M!...Y._..`.^_"i..ik ;N.|..X....>;..r.)..Q.(.K.wSom!.....&p...Z..4T*.h..a..wBM.?.vj.U.g.....".T.~..Xd......T.)...H......N..W3....2....Fh}.ED..=...m9a.....%..oR`..

    C:\Program Files\Topaz OFD\Warsaw\is-OI81U.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):560952
    Entropy (8bit):6.2200103982533195
    Encrypted:false
    SSDEEP:
    MD5:E911A0D0D2249F06D7E6C470E777C26B
    SHA1:F51EB473E1B079E68686F0AA6105D9084B354822
    SHA-256:86E3C6505350A689E2AE2580ADCA064A6B7CF72B32843C99554C840E168E6294
    SHA-512:EB90F2E639E545A31C10C53FE2C37346E57088FF8A5BD968C372F3315545318B6E8CAA1C78D3B2519275CD5E00B9860F705570418F2C73420B72A1CCEB123C40
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$............e.].e.].e.]c..\.e.]c..\.e.]c..\.e.]...\.e.]...\.e.]...].e.]...].e.])..\.e.](..\.e.]...\.e.]c..\.e.].e.]he.]...\.e.]...\.e.]...].e.]...\.e.]Rich.e.]................PE..d...a..c.........." .....h................................................................`.........................................@1..P....1..d...........0k...?...f..8)..............T.......................(.......8...............X............................text...?g.......h.................. ..`.rdata..J............l..............@..@.data.......P......................@....pdata...?.......@..................@..@_RDATA.......P......................@..@.dbld0...J...`...L..................`..h.reloc...............R..............@..@.rsrc................`..............@..@........................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-OLVVS.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):627512
    Entropy (8bit):6.73365540778044
    Encrypted:false
    SSDEEP:
    MD5:44EEA9E20C558ACDECF4CE8CFBA4A18A
    SHA1:11569F9A737B3FEE63929941D0F3702BE9FA3BD2
    SHA-256:DDC3581FAADA95DD5E5293B57F37B1792E36E4F6140D0C22695DF4224FAA60C7
    SHA-512:55E0E791A767B84B474CF63EB3C1ACF5AB875E90C3E9E707AB72F9D73E03D40125A7E4C711C647DD74909B4352D22C8381E82917F67EDF3E18D4391D07D87B48
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*vHBn.&.n.&.n.&..e%.~.&..e#...&..e".y.&.<b".a.&.<b%.x.&.<b#.".&..e'.c.&.n.'...&.n.&.o.&..b#.s.&..b&.o.&..b..o.&.n...o.&..b$.o.&.Richn.&.........PE..L...7.ee...........!.....d...............................................................@.........................0...L...|........................j..8)...p..<[......T...............................@............................................text............................... ..`CODE..../........................... ..`.rdata...`.......b...h..............@..@.data....&..........................@...DATA....0....0......................@...BSS..........P......................@....dbld0..0....`...................... ..`.reloc..<[...p...\..................@..@.rsrc................d..............@..@........................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-OP56C.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):13840
    Entropy (8bit):6.6621084025322785
    Encrypted:false
    SSDEEP:
    MD5:25586E8F953667BBBB2A7F2E25949808
    SHA1:9597DC051C9EF3C234D03C5856402964E8E36110
    SHA-256:C6FF48E6EDB727FCA3971DB306E617462A4D692CBBBE2693D447F072720ECEE6
    SHA-512:AF607633CBDEBAD127AD804B4C54957E74102D0F4FDE2F3229E163FDA7EFD9BFB923E812D25CDAC13332FD7F6584830BE8CFAAB4C84CCD78E5642A014E5A8B93
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...r..x.........." .........................................................0...........`.........................................0................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-P2IB0.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (GUI) x86-64, for MS Windows
    Category:dropped
    Size (bytes):697144
    Entropy (8bit):6.565334131405293
    Encrypted:false
    SSDEEP:
    MD5:27715128D3D87A927F30C77BDC00F473
    SHA1:8116025F084891BFFDAFA50C65E8A2EF670CE15D
    SHA-256:366915C240F460D75883E7675D2452673C61AB120073F2AA45D45E754A42CDD0
    SHA-512:83D81C923F2E131E4DA196B9D2C999A95601959C603C511208D340F120BE12CF93FD229BBA8CDFB0D35ECAEB7E82582AFDB6C4EB68556D68642BB54D71088DDC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........}....H...H...H8..I...H8..IF..H8..I...H...I...H...I...H...I...H8..I...H...H...H/..I...H/..H...H..H...H/..I...HRich...H................PE..d.....d.........."..........d................@.........................................`.....................................................(...........0[..|M...z..8)..............T.......................(...@...8...............H............................text............................... ..`.rdata..............................@..@.data....>......."..................@....pdata..|M.......N..................@..@_RDATA.......@......................@..@.dbld0...X...P...Z..................`..h.reloc...............d..............@..@.rsrc................t..............@..@........................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-P3DP5.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.708682131967886
    Encrypted:false
    SSDEEP:
    MD5:23F383B674D9DBBFFD228B52BD36DA12
    SHA1:4D9CA992006CAC527224EA3D56E24220CD77D255
    SHA-256:A82A05337948E29ABFA5B381BC78FFBCACB8148CCC9380ED9FF1FE300AFDA990
    SHA-512:F78439F34FBF579660B216374EDFF1316E5568E1977C931A903A76C57D864DA3339629093B8C8E6DC8712271E8A8AC47007968334635AC2900F2F10557CF4D87
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....:..........." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-P50AP.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12816
    Entropy (8bit):6.590202979931445
    Encrypted:false
    SSDEEP:
    MD5:08F8E94021B233848DBC1624CB17BB7A
    SHA1:8BDE9C791550226A6E139D86279D22D12054437B
    SHA-256:7ECBC9B895AD5A70CCC45E85D3EE401AE0517B71040354351B63D00814D5428A
    SHA-512:C8ED343189F6F0FBF89B060FF62053BBD17540D4AA7358B355448C57F6D18F988673806C3E4D103C47A9B09CBAAF0829EFC1C6D779F5B563E9BA326C5413B7F5
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...h{............" .........................................................0......@I....`.........................................0................ ..................."..............T............................................................................rdata..F...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-P7A57.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):411496
    Entropy (8bit):6.66539776068219
    Encrypted:false
    SSDEEP:
    MD5:31BE591B43A50D3D7E250D0C9923A314
    SHA1:A0211C0E4A29A3455A9E1BCCEEEA28F7EADCCE04
    SHA-256:CFBE3DAF7FFF18F78C26735F4B0E83BE6904DA5BDF2BCDDA4AB670AE8F0439E2
    SHA-512:302D47D37BCCE0D07840654676769D85F57DCAA0A137E1EB6B75F663AFE0006DD72FA15D67FF3DAD2D7FC1C02F550FBB2BBF1AD46572CAA59F64B8207C0ACB6A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........M..M..M..D.Z.Y.....E.....I.....T.....K.....A.....L.....J.....n.....J..M..C.....l.....L....6.L.....L..RichM..........PE..d......b.........." .....B...........K..............................................n.....`.........................................P..........,...........0+...6...(..h....p..........T.......................(...@...8............`...............................text...*@.......B.................. ..`.rdata...H...`...J...F..............@..@.data...8/..........................@....pdata...6.......8..................@..@.dbld0...A... ...B..................`..h.reloc.......p......................@..@.rsrc................"..............@..@................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-PGQV8.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):14376
    Entropy (8bit):6.6851002355812215
    Encrypted:false
    SSDEEP:
    MD5:39475799BFAEE65894F94A0F15D0D1FB
    SHA1:F7A4E3DC3FB5133C53BE4F1B7F1956D85F6F392E
    SHA-256:2D9F380091506EB22F0E92C68F6D8641C06FA92F733494FEE9836FD748A294D5
    SHA-512:7156D60EE067F99D21C9D88883C90E8C83D75729807CDD77A37D74D6B15A8224D93189C1283C8756EF18A965BB8A11AD2DA84BB6FE8ACBFFB83503FE6B5355A1
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0.......H....`.........................................`................ ..................("..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-PH93P.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):1043240
    Entropy (8bit):6.617198693706739
    Encrypted:false
    SSDEEP:
    MD5:0802DADBDDB5E8832AD3DBCE8244CE98
    SHA1:B07A04A5BA11D236CC4B558B95464628B3F6F3B6
    SHA-256:CD90C15039C1C61CDC7C8A21E8D33D5567914986BCDC9303A72C00E754A14A08
    SHA-512:992F96C4E08150F70ED41FE1ECD782E041C5FCF1A2830305D4C6FB7D14D953E482CD632101C9FACC18B93E37A14433DDC92F55B15BD763744B5B40F0106E36BC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......]-*f.LD5.LD5.LD5.4.5.LD5.>@4.LD5K9@4.LD5K9G4.LD5K9A4.LD5K9E4.LD5.>G4.LD5.>A4.LD5.>A4;LD5.>E4.LD5.LE5WMD5.9A4.LD5.9D4.LD5.9.5.LD5.9F4.LD5Rich.LD5................PE..d....;ac.........." .........F.......5.......................................@............`..........................................O..H....P.......0......0{..@.......()..........H...T.......................(.......8............................................text............................... ..`.rdata...{.......|..................@..@.data....Q.......$...b..............@....pdata..@...........................@..@.dbld0..p....p......................`..h.reloc..............................@..@.rsrc........0......................@..@........................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-PQ4GA.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.744878836757168
    Encrypted:false
    SSDEEP:
    MD5:6A90021A45818AFF3390438EEFC9B787
    SHA1:84E2A69F2F6C0DFCCA296BCEE032C1E0C19641BE
    SHA-256:A8515699A009E0E028B44851C02AA0F794D1D1B41A73772B98573754424E1025
    SHA-512:DDF441775EE6FA741A96F19D2D4EF208CE9B545672CA4B68C4CDDAA6C1D6032BBC1AA4E58C087CEA6AC8C2A4F69BD54541B83EA082F2F32E76F41C22C9C990B3
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....%..........." .........................................................0......Y@....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-PREND.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):14352
    Entropy (8bit):6.624346664288648
    Encrypted:false
    SSDEEP:
    MD5:91A9A071911D868B67543FDBF26B245D
    SHA1:605E3EFAABF0DF0469CBCB497583F7279D2BC900
    SHA-256:3E76C447158810765794720006113656165FFB55557B4EA0B078528952F6EEB8
    SHA-512:1C2CCE3CC50ACDC54C3DDF9CC07C6224C907D8457A088ABF1913F4582A4341A13CC5C85CF70FEE19B7D5883068D28C789C99C54F18CD7FEA83971C15FC4B34D4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...leH..........." .........................................................0......\.....`.........................................`................ ..................."..............T............................................................................rdata..8...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-PRSE3.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):21008
    Entropy (8bit):6.217693406276633
    Encrypted:false
    SSDEEP:
    MD5:B3937AE7171B6B3D02166BFA9CD6CA9E
    SHA1:949C7DFFEB2A0957F741AF5CADE887D8FA0B89EB
    SHA-256:84B21FD1737B7D8953E22BD4DF29CD933E3FC0A07D134598BF062F7ECF984AEB
    SHA-512:00EFD098585546C25B4F8489673B8707E411FEB1CA0936F4FFB9FFBFDF160218EEF8E6870EA85CDB659C2FC243A473C28C7BD9B9D708163181BC9EB85EC416BC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...IV............" .........,...............................................P.......d....`.........................................0....%...........@...............0..."..............T............................................................................rdata...&.......(..................@..@.rsrc........@.......,..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-Q6IJT.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):13832
    Entropy (8bit):6.691082690824585
    Encrypted:false
    SSDEEP:
    MD5:FC599F3D910EAE2F58EE26F659BC54BD
    SHA1:922D59FE207D655CC3BCACE39C853FDF8C48EC7A
    SHA-256:CCFB0B093D2C0384A958791E3F1F08C51625272A4AAB6211BB8933E724E248B4
    SHA-512:9EC8B1DF87B2CA39D5613EED0587A5BE442A900DC1A8B5254364657F5FE4AF48B0DA0C3875C0129BCFF36088F1CC2281AF0F563AB1124037643FD7BB3E357985
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...=Ef_.........." .........................................................0......[.....`.........................................`...|............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-QIHTM.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:data
    Category:dropped
    Size (bytes):4642937
    Entropy (8bit):7.995410105457955
    Encrypted:true
    SSDEEP:
    MD5:75D92FA20E53408124D930EB769FDDB7
    SHA1:C26980DDFEE57B28E318F6F2A28767720CFBF2D1
    SHA-256:DEB04A11F87FF08B32B07C601E96AE8423F00BD86CE85B538C26583E5508BC44
    SHA-512:2F55E74CE8BA7F82E1FD5BF5F8174CC3D1D19068A2ABC8132602A2A48D9B6A7E8FCD8C35BE4E9B767803529425207F5239F7BF59B9D22999E83822AAA6B6CDEE
    Malicious:false
    Reputation:unknown
    Preview:z1..............[8>......................................)A...................................p....C@.].....P.` ....-\.W..~..P....&.....;...c.L.SB....t]V#{.5;...../...{....t..........5...@Lu...n^.`l.|....7X..).....,.Le...p..5/S:P.......l.......}.....'r..#Nq...G.._&G...@......;.@2.f..v....{..........-.m..MR.<..q...x...I..m.."B.tw.b)....j.Y.I.!-.?...k..{...>..+GF7ERK.h.6(......o.|.s.<Az_[.Q...Gp..ZQJ..D....}...2})....R. $...GA....}...... `...F..NY........7XMZA.P<...Nb.......d...q..R-SO.).m..[L..[.......6.4.t..............#Y..+...gV.:..)......jj.......?CY..X2.R..D.v......E....Gbm./..3.#J.........~{..td..I-.JHDq.af},.de.[Y.+..}.f..q..G.R.."..Q.../.....>m.W.=.z...Vq<|Uh...._.z.=..>Y27^.M.b.9..YD...-..}.;7.f.q...gl6..#.f....i...........]Gq...[.........p..0.%..:v.`...0S....o.G..p%..Y.^..]...u...o.rb.`...,_&1..S.Z...;~H..4,z.N....\3/l>.....!0....FA.,4O..Z..8@..-.e..`..$..4.^..h........N...R..&."K>..Q,Q."=..QL1&6....(..ye]..;KY.`%..=a(...N..P....[.B

    C:\Program Files\Topaz OFD\Warsaw\is-QJ10O.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11272
    Entropy (8bit):6.752941788622089
    Encrypted:false
    SSDEEP:
    MD5:87F1F8D1E23C66816EDADB956EE9485E
    SHA1:0FAF04E3AE4A4DCBFB52AC4F95BABE432FDE859C
    SHA-256:EA3C47FB95CA5A04B308B18E6B39386EF2D1D43188CDB365344D3FDD80D05A31
    SHA-512:9698FF831F718AE328873D72C1C225A85A2CF69F6BE01F24EEC4AB7E991BA5FD0018DF8AB9E2C4CEAA759397007B9A7A187413347100E689AC287A42B785BFA1
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......ev....`.........................................`...x............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-QLOJM.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):963184
    Entropy (8bit):6.673085924964197
    Encrypted:false
    SSDEEP:
    MD5:3FE2BAC51F799EDE47D7C06EA3ECD1C9
    SHA1:94EDFA93644A5727DF90A4098AD030A51A2B8113
    SHA-256:CAB4AB69A1AF232B283162565354E6D70E09EC7FD186B1752557A28EB0AA2EF3
    SHA-512:10ED3101E5894226A2C08AA849540117D7D3DF256DA5A0BC98C2ED8E9B98A09575A19DA9FCD8FCBF6372A8C10A2A93FEF0EA838B306344272DBB2C5E6D29FFA3
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......U................/...............................................J......J..........!.....H..........C...........Rich....................PE..d.....&`.........." ................pJ...............................................*....`.........................................P9.......;..h...........0[..Tx......p...............T.......................(.......8............................................text............................... ..`.rdata.............................@..@.data....Z...p... ...V..............@....pdata..Tx.......z...v..............@..@.dbld0.......P......................`..h.reloc...............t..............@..@.rsrc...............................@..@........................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-QNGBI.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12808
    Entropy (8bit):6.617298832416133
    Encrypted:false
    SSDEEP:
    MD5:8D25A9F4E10A70B4E86424D8FD826B3A
    SHA1:C63079A078BEE58CC9083C4DDDA7CF19BCF5B96D
    SHA-256:97DFF96BC2A969418229A932F2AE6AF7DE03EEE8DFF5573BA1D11C3FDC9C660C
    SHA-512:9D942F0F6FA01D1FE92536DCE730242FA1316FE09D3B8CE62C13A4D56873ED48FDAAAD7DAA630610CAF168C7A674F523A2321025949E786FECA249BCE013A62D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....oB..........." .........................................................0......L.....`.........................................`...<............ ..................."..............T............................................................................rdata..h...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-R6OEI.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):370984
    Entropy (8bit):6.592128228887179
    Encrypted:false
    SSDEEP:
    MD5:CB4DF7E4EB2C23B44AC800DC53D328AE
    SHA1:D1B3F6EA67B9467850672DB08ABD8E84123D22DB
    SHA-256:C26FC5D1FB6D5D172A0624E67BD7B499ECE0904C3E22D4C27C0789A62BB5FE1C
    SHA-512:0272F2A32E4236F4E2E89E23BEA89709C51B1BDBD4A9CB20F44707FBEA1D36ACC1C4A6E987975B54327D64EDFF6D87C5ADD37F4C6B5163616BD757203131C974
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........f.................t..................................>......?......>......t........................................Rich............................PE..d....$c.........." .........b.......V..............................................dB....`......................................... ...H...h...|...........0....6......()...........M..T....................O..(...@N..8............................................text............................... ..`.rdata..............................@..@.data....3..........................@....pdata...6...@...8..................@..@.dbld0...A.......B...,..............`..h.reloc...............n..............@..@.rsrc................z..............@..@................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-RAB4C.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12304
    Entropy (8bit):6.7272309946707844
    Encrypted:false
    SSDEEP:
    MD5:F98687F24C22ED699DBC3721CDA79044
    SHA1:67F97F2DC22A76C533435E9F3EED4D43C8265D90
    SHA-256:EA02309A2DE376DC9321E2A1154ABFE39170762AC24E5925D5FB8F3E726D723F
    SHA-512:64C0CB361328F4D2C4A6B15B4E345D6F3C83C195B2AC879712F443E722C6694A5A16FBDCA2B7CF287081FFE093EE0D01573B22D3241DE03CFA195BBBD6D3EB58
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0.......-....`.........................................`...x............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-RDFPT.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12816
    Entropy (8bit):6.654452573199329
    Encrypted:false
    SSDEEP:
    MD5:B39818632A1E37FFF6BF0DDA3F2C1732
    SHA1:8F49FD8E54A3FC93B89B75B4EF1741E08880DD29
    SHA-256:24D1AB93B6799378C110E0DD164D82C39AF1B8FB50BCCB754B1B52B3B68752A1
    SHA-512:085902A0AFA9B6868C0F7D91B2C45A5A780EE154A0A39BF733A27D4CFFFE0FA9B4CAB91503EDB01344CC5B664C768F72063EBDF588AB5019D1A53F2D43F0E8C4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d..../}..........." .........................................................0......R.....`.........................................0................ ..................."..............T............................................................................rdata.. ...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-RFLP3.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):14352
    Entropy (8bit):6.55464433278048
    Encrypted:false
    SSDEEP:
    MD5:437B1F0308340DB8C5D0D7F3C72706D7
    SHA1:C341A5D909855E08AC56FBFC627C61E941F7F7E7
    SHA-256:77F3C912052578780F06D6F63CD3FEEC925F9C20C5F0218DAC9E9C0950644614
    SHA-512:F622C662AA90D1F3C3A5CB316385B17DABE8AC201BBA07D8DA3B8DF8D96FD298ED39B651B4EBA1C116AD9C1C26B17A2DD32400B256DC30B5B3BCDB1D7D87FC89
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0...........`.........................................0................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-RQIEJ.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.613978911868169
    Encrypted:false
    SSDEEP:
    MD5:50C3CF566D49C23EBB16E7267730CB00
    SHA1:271F0CE88C95A99020398FF6ABDE600A4D87C12A
    SHA-256:B177E16078453DC9F4EEEE639504D5BC2F737251FDE536FC173671F9BBC63B59
    SHA-512:7EA9B4393C35E50D3A49B40AECD6A775B286E7193C466DBD915A6D505D2F2145557979130A5568F3A4AFE81ABA7140B330539A2C2679F928EBA2BBF7112052C3
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....|.].........." .........................................................0.......@....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-S0KNU.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.780444478337169
    Encrypted:false
    SSDEEP:
    MD5:98C7553268014D1A9B4B451EC44292E4
    SHA1:07B03A88258C5FC97358720CF4142698A3C2022D
    SHA-256:AA48FCE35A1B7AD8C03703C5821DADAA69D1773000505D988B4C0611A9BBFE2B
    SHA-512:09AC5444EAC1AF2717C675C8B23F4B13AF4AAA2E0E61C1B2BFE32DDDD67B610684CB39F3FF475C95ED9EC9314FB70D3CE5E5464ECC56FBC2E1E96CA5B6D43EB3
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....f............" .........................................................0......W.....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-S3S2M.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (native) x86-64, for MS Windows
    Category:dropped
    Size (bytes):162800
    Entropy (8bit):6.069187086868903
    Encrypted:false
    SSDEEP:
    MD5:9140B197BB368222F405B46268188DB2
    SHA1:FAB0DFD29D8342A557EFABFF7407A5CC9BE182C4
    SHA-256:D920B56ABC1D50DEDFD69BFAB9062881E5EE9A927388F61E128AF7630EDAE25E
    SHA-512:E142ECEAC8F50ADD0F869B66B28A34FC9A6885011DCE895710C2082D1FFCA24E9B20C4F5251A5A3D3E5C1562C1A8A6EBCD8C9A311B6F308A4266BD03A5E036CD
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........:..[[.[[.[[..).Z[..).\[.[[..[....K[...(.Z[....Z[.Rich[[.........PE..d...|".e.........."..........:......p..........@.............................`......S........................................................@..P....P..p....0.......*...Q..............T...............................................P............................text............................... ..h.rdata..T...........................@..H.data...d.... ......................@....pdata.......0......................@..HINIT.........@......................@..J.rsrc...p....P.......&..............@..B................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-S5H0H.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11784
    Entropy (8bit):6.606475056734161
    Encrypted:false
    SSDEEP:
    MD5:F93D49AE8A2EAF16B551EE0A4903AC66
    SHA1:CC10C5EB8C52F4DEA38415C4842E812A447F991F
    SHA-256:866A0EE8782F846325695E6E55D2F507A72B8C3941CA1EFC6BB89EE13C5E2A2F
    SHA-512:DF55876D37CD731F36E1C5C70763DF6566657217F3C7D217787E6724F5635398134CEECC4FBC6E7357BD8EB36C613276650C229C8A864B7276CAB624F5937D89
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-S9VJJ.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):295736
    Entropy (8bit):6.607373326821645
    Encrypted:false
    SSDEEP:
    MD5:51C67956A8CF9C4285A020A3314AC72D
    SHA1:9F025BEAD6AFB71D2ADA7FD2C030E47AC249DD51
    SHA-256:E6F94FB3A3DBB2404524A82D37FF68C5E121BA3295A013A1FED371032A35E150
    SHA-512:DABEF30C52787435D7EEB84E51F665C489DA0D7AC0F0BD8B6BC4BD71CDE3C9793C8881F2AFA62C62085A9CE2B5536F8AADEE0D510DD2F18029EB153FF83E6BBC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L\...=..=..=..EN..=.ZH..=.ZH..=.ZH..=.ZH..=..O..=..=..<..H..=..H.[=..H..=..H"..=..=J..=..H..=.Rich.=.........PE..d.....d.........." .........T......`I....................................................`.........................................p...L.......,...........0[..0-...Z..8)...........[..T....................]..(....\..8............................................text............................... ..`.rdata..............................@..@.data....*..........................@....pdata..0-... ......................@..@.dbld0..`8...P...:..................`..h.reloc...............H..............@..@.rsrc................T..............@..@................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-SB1JP.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.6189120364031675
    Encrypted:false
    SSDEEP:
    MD5:FA7D25B2FDC5D2FE825FFE0B92018BB0
    SHA1:878CC753B60B38AB1563FE7DE5FC121C70648967
    SHA-256:E21740D86814583E10F1831096E089BEBBD5073F6F0DEB3EC53C8661E4B7363B
    SHA-512:E0E231F284F51D08DA73AFD8F9D328CCB66DEAE7B2E049C18BC8F26CC0330E2F98551F7350BA625F57E75DBB91ECF5630A03B2C2D5064D46861D7802441F61CA
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...W.{S.........." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..@...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-SELNG.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12816
    Entropy (8bit):6.613398783135292
    Encrypted:false
    SSDEEP:
    MD5:C0C1F885BF86C487ECF9608CFAEA3447
    SHA1:7AE85086713423333B1A4DC45DC79262A7B714BE
    SHA-256:E1E33D9F38F5E477C9763A7367B31321AD8E8ACD572CA623EC84421D17B511E6
    SHA-512:367F5DBFA06B534EA12FA19FE0911E1FA209668A40306632823B71F154B6DF28A7AA09805BF88BE7D7076E817384F450209D47830476B7A495C7F701CC3F61EA
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0............`.........................................`...H............ ..................."..............T............................................................................rdata..x...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-SF2F5.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.781166102734201
    Encrypted:false
    SSDEEP:
    MD5:42F69033B73661BDEAE4A075C853D2EC
    SHA1:2311528C88BE1810D63E040BDA9B9844C7A69A39
    SHA-256:00D3A4A87687D32685F91474FCE5C10C4CD659D1000C80D6ACD24881911EBF48
    SHA-512:3772DC579B1662F63D8B25DF410754EA19F62DCBB8190BABEADFE8476FD921EEB36FC784296006D45F4587F40331E037A5C7C8A21344AD67BC3869E97274D3AB
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0.......M....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-SGQL5.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:data
    Category:dropped
    Size (bytes):3976
    Entropy (8bit):7.94576823118741
    Encrypted:false
    SSDEEP:
    MD5:63902D129C999158F538C746D3E39FF1
    SHA1:D44C6AA49151250B658B149BD3A921BD053868B5
    SHA-256:09BD573D367ED4DF6058DD97EBF93176528AB28D88EDEA63F673F1113A31590B
    SHA-512:9C32BF42A861045020CFF13CEBF266004BF4DA94C218BC537480B6B5353B9527CF9E472302603B524C7E4EC17DE2CBDD47EE180EAA2EE3F2597752DA0490DAD7
    Malicious:false
    Reputation:unknown
    Preview:Ws!?..... ........................bT.....x........ .. ..RSB.....^.JD.+.WdY.S2.?R.."...lIvB...Z.....z;Fo...KO..BId.....8..J.7a..Xb................ b..[.?%ppM]JM..?.g ..Bg..yG....fT..EM;{J......y.-A<O..z.;..7..n.u.1...0...B.q....~.w..l..Z...@~q4[.Dv...y....d.-..9.HW...B.qS..(.uZt.e..\.+..4...7..!v.{.?.<:..-...~....W}#"K$.s.e..z<..+e..../.$.(:.P.9...~.Ea....;.>D.w........Nc..G.........gO,g8Xe.G;p'.Ex.`..p.....D..-.R..#..X.....A.....6..8x.#.1.7......Y.`{..H.&.`...I.m.4lx|g.L...-.U....J.$.m.C/...b...J..s.'..p) .w..np.......5N.S...}B."J.dKE....qC.x;f.I.N...8~].....D.t..((......y .B....u...O..w....x.K.....X.u..i.zV...%;..o#%f.....9.Cx..........0...$.t.z.QXR........F=......W.q.e8S`.G...,NTJZ_..{..M....k.P.8I.q...K....).'.dh$.u...s...D.N....z...>5..Nij...`..".h9S..._B......vQ._...O...h&..<.......5...s)......f..F..G.`D..c..%^......SH...sc.t7.:.P.......7...T....7.F.5."(KG...J.m.U.......4..x.8.(O...u.6.C..2.X.....$n...|@.z.).w"@g@..X.MT..A..K

    C:\Program Files\Topaz OFD\Warsaw\is-SRETI.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12816
    Entropy (8bit):6.615946138594031
    Encrypted:false
    SSDEEP:
    MD5:0BDE6DB4EBCBB3E639A0439B19559D34
    SHA1:8D17B3CE9621C690313806A82F1125E9EFCE30F2
    SHA-256:6D18EC951741BD2738B62C5DCCED6C9F8B9622238A26C4802556BDB8DF8A1DD0
    SHA-512:E2D6F60AF8DD94A060824940E4389896D3CE219408E262FD05D25FB25FBAC58C47EAACA2BC37F02EBE7339DFFF7C3E4E7098959532C3B8B05EA0110C13F9DC00
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...r............" .........................................................0......;]....`.........................................`...H............ ..................."..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-SSPGO.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.781760700762744
    Encrypted:false
    SSDEEP:
    MD5:079F7E45244F41B7FFD30FA94A2A0C5B
    SHA1:08741BA96CA29774BE014D74A8D5D3138C984EEB
    SHA-256:C25C12DA448D2EEDD11A58DC41103357A023F582D35BDC6D32B1397C880FEFE8
    SHA-512:92D22EEEEAB48F87AF98DAD7F7A73A6CFB962FC67ED32ABAEF219AD842146E9C3EE4DB1F1081C0BE6613E75640E564A3218101C92A7A7A336A36106D92299066
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....4|..........." .........................................................0......x.....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-T08P3.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):2155320
    Entropy (8bit):6.66388593081024
    Encrypted:false
    SSDEEP:
    MD5:48ED3E437C64CBB9AE0ACFF64497C7A0
    SHA1:40CE53E52269C22B5D99B416FBFBCFB63DC12DFF
    SHA-256:38F7040B2C799AE54124DDB097E442C9986D2756075CD181F849F203101A4F5D
    SHA-512:D361D9931D245F44ABA14D1F37A83C5E2C8B11E144F1F349D712E5D807E8D24E5B44CA421E7D2F6A2A21258FD828F1F5AE5C854C372B1A6B7746B0ED4F8A60CB
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$............`..`..`.....`..d..`..c..`..e..`..a..`.Q.a..`..a.L.`..`..`.F.d...`.F.c..`.F.e...`.F.`..`.F....`.....`.F.b..`.Rich..`.........................PE..d.....e.........." .....L..........p........................................0!......<!...`.............................................8...H...0.... !.....0...0..... .8).... ..(...X..T....................Z..(...`X..8............`...............................text....J.......L.................. ..`.rdata.......`.......P..............@..@.data...pm...@.......&..............@....pdata..0............T..............@..@.dbld0..`........ ...j..............`..h.reloc...(.... ..*.... .............@..@.rsrc........ !....... .............@..@................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-T585E.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11784
    Entropy (8bit):6.626369956132994
    Encrypted:false
    SSDEEP:
    MD5:04EDE6B39122AF646BAFC812BEB843C7
    SHA1:8E7F49B06BC6B5D55007102E8BB4558900E96B57
    SHA-256:1C8450668F49FEE4DE8559F312F7CAAF7DA26216B92D5A4C26493D8188DAD9EB
    SHA-512:FD348E7E90310EA1E14686EA3A3BA3B3584E2EC1BC659F40F70F87DD729530868C44FAD40D941A5724A4FCCAE0A7F1AD3E45F5CE9914E4DA055E9BB9A8B2AD10
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0............`.........................................`...<............ ..................."..............T............................................................................rdata..\...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-TB7UC.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):17936
    Entropy (8bit):6.404137552120944
    Encrypted:false
    SSDEEP:
    MD5:2D7B04CD3E93F0C32BC999A8DD06CA31
    SHA1:2046473BFD777C1780E2FE51C840CA59CDCA8B8C
    SHA-256:B8A352807A073F0D676C862812EB768744130C1553970FE1A32EEBFF9B55AE28
    SHA-512:8A1C85504328F9F65A828D13F932BD6C7DB45736029F123C4E624FB77FEE8C7CEE4404224AC915C2F3B0BCEE0822BE5295B1DAAA290C269CC4008F4F31C2B862
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....v..........." ......... ...............................................@............`.........................................0...a............0...............$..."..............T............................................................................rdata..............................@..@.rsrc........0....... ..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-TIL59.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):379704
    Entropy (8bit):6.039261805924366
    Encrypted:false
    SSDEEP:
    MD5:19A81A67C358192F4F0A6EBF066C6370
    SHA1:3CBCF908340D6A19EBFE52EA5844288B0D6D9A03
    SHA-256:126B1D7C5DC1B283DAE236ED61023EFE0DA7377E98D5F3236EDB8F5960D9C445
    SHA-512:EB8007E6E9EA57818F718E3428FA9FB7D31AA1FA6837E84406AC0FF15D76702D449F2FD5272BE7EA251EE66034D9F0F2760CC93349E2681AA8CB29AE14270D8F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......8h..|..J|..J|..J.{.Kr..J.{.K...J.{.Kn..J.|.Km..J.|.Kv..J[.J~..J[.Ji..J.{.K~..J.|.K9..J|..J...J.{.Ku..J.|.K}..J.|.K}..J.|.J}..J.|.K}..JRich|..J........PE..d...0}.c.........." .....P................................................................`............................................P...@...P...........0....&......8)......\....f..T....................h..(....f..8............`..0............................text....O.......P.................. ..`.rdata...K...`...L...T..............@..@.data...............................@....pdata...&...p...(...4..............@..@_RDATA...............\..............@..@.dbld0...2.......2...^..............`..h.reloc..\...........................@..@.rsrc...............................@..@........................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-TL64V.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12296
    Entropy (8bit):6.6985757976826354
    Encrypted:false
    SSDEEP:
    MD5:76086FFC31AD5179A3E309751CC7C9E0
    SHA1:E65F74F6FE1303CBAE08AECEB9F66F97EEC10BEB
    SHA-256:CEAF195F67F139C032D8A882171CED22376782A6C733D5F2F903590069E35D05
    SHA-512:EF7CCAF89C1C02CE84F1D23786689066B16310BC7365F6D8546B6ECC44BD2B15C3E4817308F6D39AD43E7F7215180E283D8EEFF8D70A5E5F3CB2CA0440C37A17
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....m2?.........." .........................................................0...... .....`.........................................`................ ..................."..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-TS8A4.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):12304
    Entropy (8bit):6.602619525772672
    Encrypted:false
    SSDEEP:
    MD5:E2686222CF81F2ADE726D5B7D61717F4
    SHA1:8ABAF7CCC964A49A0A49D3A2887FFAC7A3DDB64A
    SHA-256:58B2B1272AF9351306356A097499390852EBA5C429A148283DDC80117980C13A
    SHA-512:DAF4149ED1FF432970B8FAEDB3120DF24E9BA424B0D0668A5BBE04BFC0F3390DF718328FD7665F3DFBBA0FDA037032F5222CA6947B4879DA544B1965696506E0
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...g P..........." .........................................................0.......w....`.........................................0..."............ ..................."..............T............................................................................rdata..R...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-TUF46.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.692189873580496
    Encrypted:false
    SSDEEP:
    MD5:702AC7A4AB64915313B08CA5DB5132E3
    SHA1:E177AD1FB6E54507454BC265B6ABF528C7F71BB1
    SHA-256:01A4EC466CE60FF44BBAD1C1BF3B5F18B8CD55C2033DA036AED9B8A39A35B237
    SHA-512:7481CBB98CA7D3237171BB72D1779862C816F1F48045765F4E3FC09DEF73DA481063E493A1FDF09D0EDB6CE15E32D3C467C70C173080FD82F0CA0F9B9C9B61FC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....B.d.........." .........................................................0.......u....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-UCIJQ.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (GUI) x86-64, for MS Windows
    Category:dropped
    Size (bytes):999736
    Entropy (8bit):6.68025524617319
    Encrypted:false
    SSDEEP:
    MD5:6178A839082F65CA09FBF5F46875A771
    SHA1:44AA56EFB06E7C6263C37E4C0D2CAE95BE83D85A
    SHA-256:BE40B3B8721784341B779EF54061EEA7DCBEEF3D9BBD6691721C47E19494D082
    SHA-512:EC15B45C7FC37A28F802E161AB114D307E9E270CB91A0D4763BCBF7C2D59FB94D269963A36205FB9A98D78695FA92635C29BF1468F2AB762A5D81ED5B3CC8C7E
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........(.{.{.{..-{.{..z.{..z.{..z..{..z...{5.z...{.{{..{".z.{".zd..{".A{.{".z.{Rich.{........................PE..d.....e.........."......@.....................@.........................................`..................................................{.......@...K..0...dw......8)... ..p....:..T....................<..(...`:..8............P...............................text....>.......@.................. ..`.rdata...[...P...\...D..............@..@.data...xP..........................@....pdata..dw.......x..................@..@.dbld0...............0..............`..h.reloc..p.... ......................@..@.rsrc....K...@...L..................@..@................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-UJ7L5.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.730976267938854
    Encrypted:false
    SSDEEP:
    MD5:A1604DAD4871DE45227D7E450C332416
    SHA1:E9BAED80B78661CA7CFE60EEC7D2A13695D1032A
    SHA-256:9F35B8CB55697ADC8558B316F4BE899BDB15DDBF0A290D12ED0924CA1ECB711E
    SHA-512:D233EEF47F6E8FF01061C53974F2D1F62668D7C5B68E94ECADBE962AC204E8BEAD050D8DA8BEF24D50134F0BC25FFF434D2A80F751EFD46734325F80E75BD59D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....}A0.........." .........................................................0............`.........................................`...P............ ..................."..............T............................................................................rdata..x...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-UNS0G.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11576
    Entropy (8bit):6.663280789944832
    Encrypted:false
    SSDEEP:
    MD5:3894F6DE1588840F9282246D527CB077
    SHA1:BED0EDAE7EC79A72077913A3620337CC5E854067
    SHA-256:6199098A9054AA37578BA1547028424B1026AE604D3F4F1F745FB88B60B1AC27
    SHA-512:AF4567489CDEC971656E1BB4BCE0CF6AA71CA7053B47ACBCD78DB82584525C846C0456D1CFEA101D61D5F7DD5A13FA26DDF4E7B81EC8A917ADD8DEA07CF4436F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....:.[.........." .........................................................0.......w....`.........................................`................ ..................8!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-V2BBJ.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.736873413862195
    Encrypted:false
    SSDEEP:
    MD5:E9BB03E93162267E3DC00432C95606EB
    SHA1:9062FFCB9E13A5E52D27D7120286E53D3498871C
    SHA-256:0B419499A5179F3D6CE68E87497CC4A8B8B8829B29EC7726331A6BC5107E0580
    SHA-512:B514B6ACF7407660B8F2706C555AA46F26A95FBBC15C0F98EB89A6DE75B83BB8045A2A44D224BF7D866A85C241382B03A702DBA161432361B8874CF46413F83B
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0............`.........................................`...\............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-V4FD9.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.621488233135512
    Encrypted:false
    SSDEEP:
    MD5:ABC63F8B93596B6DDBBF5FE1FF97913E
    SHA1:CC5BAD92ACE5DCC684E0044B10DB2C5C950162C1
    SHA-256:5DCD30945AF1FF0FE4D229CB37A2FAF9461F5DAEEAF683D375379C1D4BBF00E4
    SHA-512:8266D6C18833342CD766F85A8606FC874F6F48F759D496EF70A2D27AC0158783E19EE9AF30F43D4F7370BAF36F39E21FC9F6058FDA055ACA7AC025AAA4AAA3BE
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...T............." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..0...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-VF293.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):362296
    Entropy (8bit):6.154775521766482
    Encrypted:false
    SSDEEP:
    MD5:BDF559D597AAD5302E93017BFC2B94D5
    SHA1:B946481DE03286B17D78856D6D3802F255E41564
    SHA-256:F9791BA69339303BE8EAAB4C493E28E51AC9047B65CB1E5EBD3511CF1FD3A39D
    SHA-512:CD5D2EB531F412285C3D1772F232BFB11D27CD054AB99E6811B4C9C8AB46E0511CE961DC25F8F55F6173A3F6DB3A28B7CCC552E09709BC4727AFFDED239C4CEE
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........i...............pk......}.......}.......}.....................z.......z.......z.......}......Wz..............8}......8}......8}......8}......Rich....................PE..d......c.........." .....F...........E....................................................`.........................................0Y..H...xY..............0{...(...^..8)..........8...T.......................(.......8............`..P............................text....D.......F.................. ..`.rdata..H....`.......J..............@..@.data...8............d..............@....pdata...(...@...*..................@..@.dbld0...3...p...4..................`..h.reloc...............P..............@..@.rsrc................X..............@..@................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\is-VOV28.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):1020776
    Entropy (8bit):6.652070785187489
    Encrypted:false
    SSDEEP:
    MD5:E3E6F8CF136910305DA93F81101177A1
    SHA1:375BEFF676D1823A67E7C9CD4C1F5FEE23AEA291
    SHA-256:AEE341007B9149282E99B95336BC627474E85D36176FC240AE66EC12FEECC169
    SHA-512:1B0284E837E6D0391054812FB3FCFA28C1C8DFD969D00802C07865D9BC9B4BAE777B60904DD00F7DA6A1431B00117C154A89D1C4FDEDF24C475B0EC068255137
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Qp...............ib.&...........Ny......Ny......Ny..$...Ny..H...Ny..-...Ny..^...Ny......Ny......Rich............PE..d.....\.........." .........^.......6....................................................`A........................................p.......d........................N..hE...........i..T............................2..............h`...............................text............................... ..`.rdata...t... ...v..................@..@.data....$...........|..............@....pdata..............................@..@.rsrc................<..............@..@.reloc...............B..............@..B................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\local.data

    Download File
    Process:C:\Program Files\Topaz OFD\Warsaw\core.exe
    File Type:data
    Category:dropped
    Size (bytes):360
    Entropy (8bit):7.096694402227434
    Encrypted:false
    SSDEEP:
    MD5:F3E49F352BB2AE7F461D8F4161E99BCE
    SHA1:D7585764254738C96CA8500BBF7DF6939011E4F2
    SHA-256:726EAE43E62DD1CA854732652011BD014266F19E4FFF86231FB481C29E496A6D
    SHA-512:01A963F84DC4C165F4458D86842C817F1E81AFA33857A4940700D1BF4DDC3FC4E006FDA8BCD0C152EEF73AD527CC888A0F24996D4FB64B3D6E9ACBB35BCCA951
    Malicious:false
    Reputation:unknown
    Preview:Ws!?....................................QID........ ..p.....E.V`;..0...^..thYw.m.>..D,...0D..S.5.v..*..U#...[..."..k..._.e.m..6X...q.^...+(>......./.C..Z....E...~.JG.I...I..r..^.51....S.L%&....?H?0z.&.!..^.....<;.....U......(..V.......15..#..k.\........../..Y...3.WE..N..LL.+>...].Jfq...&.R.....z.....<.v...f_~.........(....0.0..q@.i..;n.'D..:.

    C:\Program Files\Topaz OFD\Warsaw\msvcp120.dll

    Download File
    Process:C:\Program Files\Topaz OFD\Warsaw\core.exe
    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
    Category:dropped
    Size (bytes):660128
    Entropy (8bit):6.339798513733826
    Encrypted:false
    SSDEEP:
    MD5:46060C35F697281BC5E7337AEE3722B1
    SHA1:D0164C041707F297A73ABB9EA854111953E99CF1
    SHA-256:2ABF0AAB5A3C5AE9424B64E9D19D9D6D4AEBC67814D7E92E4927B9798FEF2848
    SHA-512:2CF2ED4D45C79A6E6CEBFA3D332710A97F5CF0251DC194EEC8C54EA0CB85762FD19822610021CCD6A6904E80AFAE1590A83AF1FA45152F28CA56D862A3473F0A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........;..h..h..h..[h..h..h..h..Mh..hIAWh..h..Oh..h..qh..h..ph..h..uh..h..Lh..h..Kh..h..Nh..hRich..h................PE..d.....OR.........." .....@...................................................`......a.....`.........................................pU.. ....2..<....@...........G.......>...P.......X..................................p............P...............................text....>.......@.................. ..`.rdata.......P.......D..............@..@.data........P...8...B..............@....pdata...G.......H...z..............@..@.rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\msvcp140.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:5CDE3AED10412762E83B7FE43694A22B
    SHA1:4FFCDF063EAFC901105836C27A634530EA614755
    SHA-256:10DDFF48D704C6007E4C2D53FB4856B5E5E79479503366236246A323AAA76E9D
    SHA-512:FCD7BC262E7BBCBBAC9258E31B8D62EFB2E601AC1FFFAC4C86819C8F2AED26FC19403D992A57D48EC92752B2A0A8B04E8204423D6077C7800EA4015F016FAA23
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................Z.J.....6.......$...P.....P.....P.....P.......P.....P.Z...P.....Rich..........PE..d...'.._.........." .....D..........`'....................................... ......O.....`A........................................p}..h....W..,...............X;.......#......P...x...T...........................@...8............`.. ....y..@....................text...,C.......D.................. ..`.rdata.......`.......H..............@..@.data...H;...p...$...V..............@....pdata..X;.......<...z..............@..@.didat..h...........................@....rsrc...............................@..@.reloc..P...........................@..B........................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\msvcp140_1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:00BCBB58255D6CBD712E89A3DD0D1810
    SHA1:F93D00A573A880E67C9F5C3D9530D4A1D2165E70
    SHA-256:E10FB192620193CB721516C30533F71CA6B2A4396B48F3858B571143E94ABA31
    SHA-512:6C56FCBB229C4FB0E6F49219BD698F6720804A455B4DEC5309706858491122628E6D1AB9E5F6F32004BD06FAEB48AAF5ED434E8F87D113D3C984B8D00FBA4013
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................l+A......=....f.....f..........f.....f.....f.....f.Q....f.....Rich...................PE..d...,.._.........." .........$.......................................................9....`A.........................................>..L....@..x....p.......`.......:...#......x...@3..T............................3..8............0..0............................text............................... ..`.rdata.......0......................@..@.data........P.......,..............@....pdata.......`.......0..............@..@.rsrc........p.......4..............@..@.reloc..x............8..............@..B........................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\msvcp140_2.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:5338E18979B5DBC62235AAB52307B820
    SHA1:39F1E5D294AE25ADBDA517F07ED536040591E50B
    SHA-256:046739D24A8253914EA8048E2C136CBBA668E62FE5284CC0FF5DB5F350B9DA2C
    SHA-512:A9728E82F7F212D5D1D57849F0C84DBED1BF1A1CD7A373D1BBE4AF276E20C9225282685FA75E28FE2918F4F293D1C1D2564ACEDE4D5A03C99522EC3D0E4AFEA4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........}. ...s...s...s..Vs...s.d*s...s.m.r...s.m.r...s...s...s.m.r...s.m.r...s.m.r...s.mFs...s.m.r...sRich...s................PE..d...,.._.........." ......................................................................`A.............................................................................#...........K..T........................... L..8...............P............................text............................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\msvcr120.dll

    Download File
    Process:C:\Program Files\Topaz OFD\Warsaw\core.exe
    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
    Category:dropped
    Size (bytes):963232
    Entropy (8bit):6.634408584960502
    Encrypted:false
    SSDEEP:
    MD5:9C861C079DD81762B6C54E37597B7712
    SHA1:62CB65A1D79E2C5ADA0C7BFC04C18693567C90D0
    SHA-256:AD32240BB1DE55C3F5FCAC8789F583A17057F9D14914C538C2A7A5AD346B341C
    SHA-512:3AA770D6FBA8590FDCF5D263CB2B3D2FAE859E29D31AD482FBFBD700BCD602A013AC2568475999EF9FB06AE666D203D97F42181EC7344CBA023A8534FB13ACB7
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Ck.."..".."..D...".."..-"...s..$ ...s.."...s.."...s.. "...s.."...s.."...s.."..Rich."..........................PE..d.....OR.........." .....h...:.......)..............................................].....`.................................................@...(............@...s...t...>......8...p................................2..p............................................text....g.......h.................. ..`.rdata...8.......:...l..............@..@.data...hu.......D..................@....pdata...s...@...t..................@..@.rsrc................^..............@..@.reloc..8............b..............@..B........................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\opt

    Download File
    Process:C:\Program Files\Topaz OFD\Warsaw\core.exe
    File Type:ASCII text, with very long lines (372), with no line terminators
    Category:dropped
    Size (bytes):372
    Entropy (8bit):5.499297622554903
    Encrypted:false
    SSDEEP:
    MD5:8078E721919E438335C7BB1BCB60C7C8
    SHA1:FE63E9AA056EDFCBAA3CBB15731206AE1B861324
    SHA-256:A902CCBC429A194914A7458F25E06D1A33A251A557443FE523BF194EEBF3D3D7
    SHA-512:EDEC295ED52E35EEF032ABD359CD012E79A95F9054CC16283D8F85BD1EC0466A7C1BD041A606708CE896C618F96A2ADE63F91DAAE0045D993299E6E946D938FE
    Malicious:false
    Reputation:unknown
    Preview:AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAARhvWBpW2HUWMqLE5PndoMAQAAAACAAAAAAAQZgAAAAEAACAAAAAvjx2J+Xfly4F3CqbCHQmC2zBaZ+28PgWY43FAdBqslQAAAAAOgAAAAAIAACAAAAAaCrJ8AuVxj8mH4QBAj6ycD4ngFBiVOJUWeFP0loAcpUAAAABsGcyDTik2jZ5A1de2XdbXz7PuYFw8R0oBX8syYXYH4FyKgXCOW9V6Mb2uj1voDdw+SMiDJiu7mBKndVMUKsnxQAAAADNfr839wZh9YJW24l+kePdUbSEGax566KjawHMlWV7OXGy08iRUEz95/ZG59LQP232ui861Db1UUTuzV085jGc=

    C:\Program Files\Topaz OFD\Warsaw\ucrtbase.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:E3E6F8CF136910305DA93F81101177A1
    SHA1:375BEFF676D1823A67E7C9CD4C1F5FEE23AEA291
    SHA-256:AEE341007B9149282E99B95336BC627474E85D36176FC240AE66EC12FEECC169
    SHA-512:1B0284E837E6D0391054812FB3FCFA28C1C8DFD969D00802C07865D9BC9B4BAE777B60904DD00F7DA6A1431B00117C154A89D1C4FDEDF24C475B0EC068255137
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Qp...............ib.&...........Ny......Ny......Ny..$...Ny..H...Ny..-...Ny..^...Ny......Ny......Rich............PE..d.....\.........." .........^.......6....................................................`A........................................p.......d........................N..hE...........i..T............................2..............h`...............................text............................... ..`.rdata...t... ...v..................@..@.data....$...........|..............@....pdata..............................@..@.rsrc................<..............@..@.reloc...............B..............@..B................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\unins000.dat

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:InnoSetup Log 64-bit Warsaw {20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}, version 0x418, 103183 bytes, 849224\37\SYSTEM\37, C:\Program Files\Topaz OFD\Warsaw\376\377\
    Category:dropped
    Size (bytes):103183
    Entropy (8bit):3.9353416741685185
    Encrypted:false
    SSDEEP:
    MD5:1CAF8988CD4C8C12DE428A69C8313370
    SHA1:55804C2E0F8707ECA4D948C709848D5C02DA690B
    SHA-256:1CD209A0C14C30BD8FE60305AF47A0FC805D5C1E44DA80CE3013E3CECB634F66
    SHA-512:DFD22DF102C235522942670FEDC43299092BDF856D3CAB783C489C46892F296D3A40C3F7F134DBA8CFBE60DA056AEDE63241D42D1F26B8C241CF2EC0BB137D03
    Malicious:false
    Reputation:unknown
    Preview:Inno Setup Uninstall Log (b) 64-bit.............................{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}..........................................................................................Warsaw..............................................................................................................................D........................................................................................................................Z.z.........j&................8.4.9.2.2.4......S.Y.S.T.E.M......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.T.o.p.a.z. .O.F.D.\.W.a.r.s.a.w................#.#.|.. ..........RT..IFPS....3........................................................................................................ANYMETHOD.....................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TMAINFORM....TMAINFORM.........TUNINSTALLPROGRESSFORM....TUNINSTALLPROGRESSFORM......................TARRAYOFSTRING.....................TFILE

    C:\Program Files\Topaz OFD\Warsaw\unins000.msg

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:InnoSetup messages, version 6.0.0, 261 messages (UTF-16), Cancel installation
    Category:dropped
    Size (bytes):24023
    Entropy (8bit):3.275763899864317
    Encrypted:false
    SSDEEP:
    MD5:4460AE1278333AA5BEDF9AB8D14CDCC5
    SHA1:67DA60BC1FB6C90A91CAFCB6E5E03AD50600BB7A
    SHA-256:1D5405C49DB05D5E0B40B6BC7004D17B4D289302DF33F10AEF86E5ACC506ED95
    SHA-512:31658614FA963029062AD7B99663C64D8989D5B35E0863BABA174DD72A17FF36C2C06811D2D5698D0DBFC8B67E8CC77B3D6D1F6AE8DB80F2FE71296702967B0E
    Malicious:false
    Reputation:unknown
    Preview:Inno Setup Messages (6.0.0) (u)......................................]..u...+...C.a.n.c.e.l. .i.n.s.t.a.l.l.a.t.i.o.n...S.e.l.e.c.t. .a.c.t.i.o.n...&.I.g.n.o.r.e. .t.h.e. .e.r.r.o.r. .a.n.d. .c.o.n.t.i.n.u.e...&.T.r.y. .a.g.a.i.n...&.A.b.o.u.t. .S.e.t.u.p.........%.1. .v.e.r.s.i.o.n. .%.2.....%.3.........%.1. .h.o.m.e. .p.a.g.e.:.....%.4.....A.b.o.u.t. .S.e.t.u.p...Y.o.u. .m.u.s.t. .b.e. .l.o.g.g.e.d. .i.n. .a.s. .a.n. .a.d.m.i.n.i.s.t.r.a.t.o.r. .w.h.e.n. .i.n.s.t.a.l.l.i.n.g. .t.h.i.s. .p.r.o.g.r.a.m.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.c.o.m.m.e.n.d.e.d. .t.h.a.t. .y.o.u. .a.l.l.o.w. .S.e.t.u.p. .t.o. .a.u.t.o.m.a.t.i.c.a.l.l.y. .c.l.o.s.e. .t.h.e.s.e. .a.p.p.l.i.c.a.t.i.o.n.s.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.

    C:\Program Files\Topaz OFD\Warsaw\uninstall.dat (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:data
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:040E749C32AD12404721071A46418F36
    SHA1:3CD54DD87E0479188E06F1680BC0CDFF81C0B06F
    SHA-256:AB85C22711AEBE188EEDFE8051B6DE63422373EDBDDFB0750EDA57BFCCF87C42
    SHA-512:984C087EE8D7527F45FD80CC76B010C5F5B6C9A5298F88A08D3D8F378CB3431DDC2FDFB63AA349BFC1A9F62C46982D722132D55CE7700D2AF54AE58A65940AF3
    Malicious:false
    Reputation:unknown
    Preview:Ws!?....S................................<%..... `.. .. ..X^K.....[.DD...QeS.Q3.7^..!..:.Z!..^}..n*...o.&.@C....PO..&..`H....-.I..'lk.8.nup...Q..y....#....d.!.M..h.H..&#j_....g....... ...,V.a.q.......n.$.Cw..}...C.._2B.2;T...1.%....h......<..g4..I...e...(.p.y..0dC.,|..<...&....cx.......h>..U.K.....?U.D.%7.R...+ .n2b..../...Qy...|.q.\F8......h.<v4 l.e...3^W.ak.3.}..U.....NZy.........3A...[D.......Bn..M..q........>......$..IA.D|....cM.....5."1.M.%.%..0.n...[.2..j.pg.k...C...;l........mf.1._....]..0...t.%.2.'.{1..........>..c.........[.6..u}.e.......0..c..p...y...f+.M.&.....b..$.>..j.......VK...m.J.-...4m..q..~.w.O[ET...\s7..r.....+..m.........qL ....Cv......&v..q.^A.nxl....}`......Q9..zO.....C.>.+.EN.o..../!nZ.........".k.f..49....m.VKw....A2...N..B....%.....;......z....!...F.m....nT..t.....6z.b(|...@!k.}p...[h;<.`.{{../.E....9.r.=HgO9......l..k..)~..z`....,[.x...E3..-...*.C.

    C:\Program Files\Topaz OFD\Warsaw\uninstall_core.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:DC1757C0BF4DEBF5BDD22F1C22C2EA31
    SHA1:10E1B740CB9DB425C54F6035E1664C232E5157B2
    SHA-256:0D74AE74C13EA642FB41EF382646E081BE697B78BCA3E6D49B05667351C47751
    SHA-512:86CC48143E21BB30ADE35C5D7D7787A6DEB3029AEC92E7772A87858E72A9C4E82FCA1955887501B3357BC4CB81EBCE28859B2A069AE64E2FB78737A97AED9F20
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........'.d.t.d.t.d.t..#t.d.t...u.d.tO..u.d.tO..u.d.tO..u.d.tO..u.d.th..u.d.ti..u.d.t...u.d.t.d.t.e.th..u}d.th..u.d.th.Ot.d.th..u.d.tRich.d.t........................PE..d......a.........." ....."...........r..............................................?.....`..........................................}.......}.......P......0...........h....0.......F..T....................I..(...PG..8............@.. ............................text.... .......".................. ..`.rdata..Xl...@...n...&..............@..@.data....Y....... ..................@....pdata..............................@..@.dbld0..<............6..............`..h.reloc.......0......................@..@.rsrc........P......................@..@........................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\uninstall_mustache.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:3FE2BAC51F799EDE47D7C06EA3ECD1C9
    SHA1:94EDFA93644A5727DF90A4098AD030A51A2B8113
    SHA-256:CAB4AB69A1AF232B283162565354E6D70E09EC7FD186B1752557A28EB0AA2EF3
    SHA-512:10ED3101E5894226A2C08AA849540117D7D3DF256DA5A0BC98C2ED8E9B98A09575A19DA9FCD8FCBF6372A8C10A2A93FEF0EA838B306344272DBB2C5E6D29FFA3
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......U................/...............................................J......J..........!.....H..........C...........Rich....................PE..d.....&`.........." ................pJ...............................................*....`.........................................P9.......;..h...........0[..Tx......p...............T.......................(.......8............................................text............................... ..`.rdata.............................@..@.data....Z...p... ...V..............@....pdata..Tx.......z...v..............@..@.dbld0.......P......................`..h.reloc...............t..............@..@.rsrc...............................@..@........................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\uninstaller.exe (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (GUI) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:F431DC21C66E5A92700E678FC94ACD34
    SHA1:8A5092A264B3F11572C78DA9B023982133C71BCB
    SHA-256:65862B007570EC18E552FA11797A30BA5724F83B075FED02ADFA8D147790DA4B
    SHA-512:92A9A87AD4EB4F23B2B8A923387C4C442B3AEDC5319ACE4D011392CA43C25D5FDC7AA1FB7E085ACA1215819C3521D140F460BD99B00C6332BC70F4FE2ABDCB6F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......N.4...Z...Z...Z.......Z...^...Z.X.^...Z.X.Y...Z.X._.+.Z.X.[...Z..[...Z..^...Z..Y...Z.._...Z.._.g.Z...[...Z...[...Z.._.F.Z.....Z..X...Z.Rich..Z.........................PE..d....[.b.........."..........&.................@..............................+.....V9+...`..................................................-........+.....0.*.......+.P)....+.L&......T.......................(.......8............................................text...2........................... ..`.rdata..............................@..@.data........p... ...R..............@....pdata.......0*......r).............@..@.dbld0..4.....*...... *.............`..h.reloc..L&....+..(....*.............@..@.rsrc.........+.......+.............@..@........................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\vccorlib140.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:0248B7DF1783F7D15C17139C2A8E5476
    SHA1:F868D77E740F714348582ACA818535472E923E18
    SHA-256:D79236E5EF69F842451FDB1A70C4C51295B01405972E943A624719219EA5F7E8
    SHA-512:7FDA2942A50FB137AB53C61E17B966D01C86D205B26D08B5842327F5C3803F714DFAB855F86B468B2F8ADA8B69DDD3FA8E4DCE896668B1BF28A6C560F7738E76
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................#..............................._..........................O...........Rich............................PE..d......_.........." .........f......P~.......................................0.......7....`A.............................................>..t...,................ .......#..........`...T...............................8............................................text............................... ..`.rdata...v.......x..................@..@.data...(.... ......................@....pdata... ......."..................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\vcruntime140.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:7942BE5474A095F673582997AE3054F1
    SHA1:E982F6EBC74D31153BA9738741A7EEC03A9FA5E8
    SHA-256:8EE6B49830436FF3BEC9BA89213395427B5535813930489F118721FD3D2D942C
    SHA-512:49FBC9D441362B65A8D78B73D4FDCF988F22D38A35A36A233FCD54E99E95E29B804BE7EABE2B174188C7860EBB34F701E13ED216F954886A285BED7127619039
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......(r%Ml.K.l.K.l.K....n.K.ek..g.K.l.J.@.K..bH.a.K..bO.|.K..bN.s.K..bK.m.K..b..m.K..bI.m.K.Richl.K.........................PE..d...".._.........." .........^............................................................`A.........................................1..4....9.......p.......P.......L...#..........H...T...............................8............................................text............................... ..`.rdata...?.......@..................@..@.data...@....@.......4..............@....pdata.......P.......8..............@..@_RDATA.......`.......D..............@..@.rsrc........p.......F..............@..@.reloc...............J..............@..B................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\vcruntime140_1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:AB03551E4EF279ABED2D8C4B25F35BB8
    SHA1:09BC7E4E1A8D79EE23C0C9C26B1EA39DE12A550E
    SHA-256:F8BC270449CA6BB6345E88BE3632D465C0A7595197C7954357DC5066ED50AE44
    SHA-512:0E7533B8D7E5019FFD1E73937C1627213711725E88C6D7321588F7FFFE9E1B4EF5C38311548ADBD2C0EE9B407135646593BF1498CBEE92275F4E0A22ACE78909
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$................].l...W................W.....W.....W.....W.....W.|...W.....Rich..........PE..d...&.._.........." .....:...4......pA............................................... ....`A.........................................k......,l..x....................l...#......<...(b..T............................b..8............P..X............................text....9.......:.................. ..`.rdata..@!...P..."...>..............@..@.data... ............`..............@....pdata...............b..............@..@.rsrc................f..............@..@.reloc..<............j..............@..B................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\ws.dat

    Download File
    Process:C:\Program Files\Topaz OFD\Warsaw\core.exe
    File Type:data
    Category:dropped
    Size (bytes):3912
    Entropy (8bit):7.9480359513663466
    Encrypted:false
    SSDEEP:
    MD5:B1D93F898306726B3CA7926040FC68C0
    SHA1:3D1D481410556B8F7A0655C6D2DFDCBECB731A17
    SHA-256:6110F1F10910873095375F4521446651D93B2D43163818485F21D7254F23D5AB
    SHA-512:FA3AF7C55EE8E774BE5AC08923700DE103EFB2F45980E091386C943E66DB8C2F9ED653702F9A8173AE7A52D8E89CA3264425BEDED1CC7B6F92044C8B7C35D2F7
    Malicious:false
    Reputation:unknown
    Preview:Ws!?............................|........;o......0...P. ..{3(.|B...].9......3cU......G..<..N.,&Tu._.Bj...`".........Qe..s..d.....H.|....P..k......U..u.....,.}Ut.9..=m...l8..0.e>v.*#.By..7i.~..}?..3Q...8....%..a....3.c^.. ..:..b.w*".l.j....L....d.~~X..`^...XsG.j.QO`.<...`. ][[J?...~44.J:......w.MK.;.]..B..`6E.).4.(..5..<'J~.l.F..L..O....~..B...P9....2h{..INEG.gn...<...*{...^..+.!...S.Q..}Vy...DJ.cM.&..b.....x@xs}..C....D..Aas~..'...-....J..N!U..J9.1.^v....o..4.......Z......9B..%}.l.om......}]E.p..4iM..^..%_=....(...~...$.1.$.X.$...pa.....K...zFJ.......!l.bWVhi.a...:#..[7 .,......CI.. .m....!..6..Z~&u.h....P.tV.F:.k....bi.....E..W.c.K...^:5o..,.$Ps....h.&...x.1.G.fI..........;@..cT6w).....9...A.n=.s.5.F_..9z..~.=.....a.C..'C...Q......G..K...a.-...~D....a2...>.j.2k.{H..x.v.@......c...Rf7.Im..{...W...F.5.........}...".....sD.H...u..Ge...%...Bz..,...4..i...."jc..R9#0L).l.ix9-....g..V .N..#*.]|.Q.I...j] u...tSj.m[2./..N2....=..Vy..Q..P.,../..|.iU..

    C:\Program Files\Topaz OFD\Warsaw\ws.datr

    Download File
    Process:C:\Program Files\Topaz OFD\Warsaw\core.exe
    File Type:data
    Category:dropped
    Size (bytes):1480
    Entropy (8bit):7.841361835812837
    Encrypted:false
    SSDEEP:
    MD5:EBF9AC6618346D854C02AF68F291E083
    SHA1:5A3F960423B8E2D9821186A45CD10D5FFA977280
    SHA-256:07ED452AA3F5E29187501232DDD8A01635A6A860959CC821BF815DBF635B7E2C
    SHA-512:5C0C2BECBCDD6DF37D39B62292C7CD6521ED5D784C1B24528726FCE9ECB621D6E178A17094AE74A7925105D1AB201FDB4CC7E0FE145A04B14096FB516B0507DE
    Malicious:false
    Reputation:unknown
    Preview:Ws!?....2.......................|.............p...@a.r..US1..rr..m.f):.Z.j.~C.....IvK.S.>...,T....l'>x..a.'.p....M.(4+...u.Mh...,..U..> ..`Pf...UN........ .,K..g.....U.[q..U.:..P.T.T......\..%..k4.!0.u)|..-.T....AG.2.9&......;j.).^.-..Nr.Z].z.Svi..l.....o.{j.S.Q..:..@....A8....5.KM}..:.o|u"(.b.fE.....G..C..[.B.(f.&....6... ..V......q>.W.^.V".7f...\....V.....oP.b2.D4. ...@...,..WAh..'$..-...g..+.o.....u> .U0.r...m.:.B.X@.....q0.s.J...E..;_...W;Q.:...al...$..Rr=lj..40....`....m.l.,k.U...h...zg.4.e.B.O?..w$zy.-oX.`..K.-h..X.D....D.J.[1W..p]..K...8..X7.GZz......'.0...q......S{.m ?S|.l.A../........B7.v...2.b.1........-.......zp...c^.....R5..r..{.E..M.3.8t...Q6...p-6.._.^..Z.....N9....x...$&R...h\&...N.u..m.Q...Q/...s.....gb.O.....H..%..S..lU..k.^.."g.l.Ij55.X.*G...X...~)c.4fz.W..=...4.y._O..j.....]2.@P..gX...a..m..i....C8_.|....9.6....a..7..#R$.g.....]..0ED..z.dX.9r.g...J.d.f./......v'(wu.....Mt+....}.....66S......HsN0x...J....Q.#.n.;...Vk

    C:\Program Files\Topaz OFD\Warsaw\wsaxbco.dll (copy)

    Download File
    Process:C:\Program Files\Topaz OFD\Warsaw\core.exe
    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:46060C35F697281BC5E7337AEE3722B1
    SHA1:D0164C041707F297A73ABB9EA854111953E99CF1
    SHA-256:2ABF0AAB5A3C5AE9424B64E9D19D9D6D4AEBC67814D7E92E4927B9798FEF2848
    SHA-512:2CF2ED4D45C79A6E6CEBFA3D332710A97F5CF0251DC194EEC8C54EA0CB85762FD19822610021CCD6A6904E80AFAE1590A83AF1FA45152F28CA56D862A3473F0A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........;..h..h..h..[h..h..h..h..Mh..hIAWh..h..Oh..h..qh..h..ph..h..uh..h..Lh..h..Kh..h..Nh..hRich..h................PE..d.....OR.........." .....@...................................................`......a.....`.........................................pU.. ....2..<....@...........G.......>...P.......X..................................p............P...............................text....>.......@.................. ..`.rdata.......P.......D..............@..@.data........P...8...B..............@....pdata...G.......H...z..............@..@.rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wsaxbco64.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:C3676D9CF2F7795E6CD9670C06626B1E
    SHA1:8D2CD4FFDC63E215EFF8B42BAE9C2F0CDCD32956
    SHA-256:0BDDBBAE7995780AA21602222E168B9E7991D8828E4BDA658DE0EC34BF13864F
    SHA-512:68D83B37C99979F36E6DED98EC3E660E699ECE8A9EC8B9063209317E1178F88A064EA117595CE2B2380D58B4491970D0BA7BE9412BE6C7FA41FE1ABBB824CB75
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9x..}...}...}...&q..s...&q.......h..r....h..w...&q..f....k..|....k..~....k..|....h......&q..r...}.......k..K....k..|....kl.|....k..|...Rich}...........PE..d...?y&`.........." ................@...............................................h.....`..........................................&......d'...........p..0........~..p....P......p...T.......................(......8............................................text...>........................... ..`.rdata...k.......l..................@..@.data........@...J...0..............@....pdata...............z..............@..@_RDATA...............$..............@..@.dbld0...............&..............`..h.reloc.......P...0..................@..@.rsrc....p.......r..................@..@........................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wsddin64.sys (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (native) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:9140B197BB368222F405B46268188DB2
    SHA1:FAB0DFD29D8342A557EFABFF7407A5CC9BE182C4
    SHA-256:D920B56ABC1D50DEDFD69BFAB9062881E5EE9A927388F61E128AF7630EDAE25E
    SHA-512:E142ECEAC8F50ADD0F869B66B28A34FC9A6885011DCE895710C2082D1FFCA24E9B20C4F5251A5A3D3E5C1562C1A8A6EBCD8C9A311B6F308A4266BD03A5E036CD
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........:..[[.[[.[[..).Z[..).\[.[[..[....K[...(.Z[....Z[.Rich[[.........PE..d...|".e.........."..........:......p..........@.............................`......S........................................................@..P....P..p....0.......*...Q..............T...............................................P............................text............................... ..h.rdata..T...........................@..H.data...d.... ......................@....pdata.......0......................@..HINIT.........@......................@..J.rsrc...p....P.......&..............@..B................................................................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wsffcmgr32.exe (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:2A75570FB226BEB0934DDC05425349C2
    SHA1:A2A37A7569010F3883A03A91C3C820E8E69F0FAD
    SHA-256:035A811017D56A1E81F41E76DFCA66E931210868E01658004595F4E4530E0669
    SHA-512:2F828EF1E6215F3645E1F492303BC96DAF7E843BE0F78D741EB94E840C4A5C1D5C9669C4660ECA0BA046CD485108040D5F5A2943B2D1C3B33508B4028EBE5AAA
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........F.(...(...(.W.+...(.W.-.).(.W.,...(...,...(...+...(...-..(.W.)...(...)..(.@.-...(.@....(.......(.@.*...(.Rich..(.........................PE..L.....d.................x..........O.............@.................................w.....@.....................................(....p...............B..8)... ..,O..Ld..T....................e.......d..@............................................text....w.......x.................. ..`.rdata..RC.......D...|..............@..@.data...............................@....dbld0..P...........................`..`.reloc..,O... ...P..................@..@.rsrc........p.......<..............@..@................................................................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exe (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (GUI) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:27715128D3D87A927F30C77BDC00F473
    SHA1:8116025F084891BFFDAFA50C65E8A2EF670CE15D
    SHA-256:366915C240F460D75883E7675D2452673C61AB120073F2AA45D45E754A42CDD0
    SHA-512:83D81C923F2E131E4DA196B9D2C999A95601959C603C511208D340F120BE12CF93FD229BBA8CDFB0D35ECAEB7E82582AFDB6C4EB68556D68642BB54D71088DDC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........}....H...H...H8..I...H8..IF..H8..I...H...I...H...I...H...I...H8..I...H...H...H/..I...H/..H...H..H...H/..I...HRich...H................PE..d.....d.........."..........d................@.........................................`.....................................................(...........0[..|M...z..8)..............T.......................(...@...8...............H............................text............................... ..`.rdata..............................@..@.data....>......."..................@....pdata..|M.......N..................@..@_RDATA.......@......................@..@.dbld0...X...P...Z..................`..h.reloc...............d..............@..@.rsrc................t..............@..@........................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wsftbmo.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:CB4DF7E4EB2C23B44AC800DC53D328AE
    SHA1:D1B3F6EA67B9467850672DB08ABD8E84123D22DB
    SHA-256:C26FC5D1FB6D5D172A0624E67BD7B499ECE0904C3E22D4C27C0789A62BB5FE1C
    SHA-512:0272F2A32E4236F4E2E89E23BEA89709C51B1BDBD4A9CB20F44707FBEA1D36ACC1C4A6E987975B54327D64EDFF6D87C5ADD37F4C6B5163616BD757203131C974
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........f.................t..................................>......?......>......t........................................Rich............................PE..d....$c.........." .........b.......V..............................................dB....`......................................... ...H...h...|...........0....6......()...........M..T....................O..(...@N..8............................................text............................... ..`.rdata..............................@..@.data....3..........................@....pdata...6...@...8..................@..@.dbld0...A.......B...,..............`..h.reloc...............n..............@..@.rsrc................z..............@..@................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wsftdhm.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:758F7E9CB60C403DB66B91E1F74A0915
    SHA1:813114F6A539B8668FA15F72CE279D9A15F71E8D
    SHA-256:5E67AB1F2D27AAEFD8C7956EBED864CFE4BA773C728CF390F1F2B22C51788930
    SHA-512:8A5B1EEB736588E3A9E9DA8478F07BBC2A57A21D0BD77EECBA84885B92A39F32E8AE844B1BABA5540196C87CDBC1390E61FAD3EAA925D548482F631E60A38A38
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......,..Tht..ht..ht..a.}.|t..:...`t..:...lt..:...nt..:...wt......gt..ht...u..O...jt..O...}t......it.......t......it......it..hty.it......it..Richht..........................PE..d...%.ee.........." .....r...8.......l.......................................`......$.....`..........................................d..H....d..h....P......0....X......8)...0..\...p...T.......................(......8............................................text...Jq.......r.................. ..`.rdata...............v..............@..@.data................p..............@....pdata...X...`...Z..................@..@.dbld0...d.......f...d..............`..h.reloc..\....0......................@..@.rsrc........P......................@..@................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wsftdl.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:52ABAC6500B1F06662908F49DA494B5C
    SHA1:30459B3948D3F675DBB2269499E087F875044926
    SHA-256:19E278127DB27E99C599B423B79585D4B928D536328AEE9231A6BDBCD6A10BBE
    SHA-512:4055F89624F6DD611ADD688E9FB93A13BE28C6DFE7AEEC1CFBA841B7A1478EDF1B018AB5918A3F44B9BE12CBDB547A53C090362D70D422ABE1BC31DE0CEADD42
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.........c.....................%.......................................o.......o.......n.......o.......%...............J.......J.......J......J.......Rich............................PE..d....Z.c.........." .....J... ............................................................`..........................................k..H...(l..............0....y......8)..........XD..T....................F..(....D..8............`...............................text....H.......J.................. ..`.rdata...E...`...F...N..............@..@.data............D..................@....pdata...y...p...z..................@..@.dbld0...............R..............`..h.reloc..............................@..@.rsrc...............................@..@........................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wsftfac.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:CA909D46294B2A2923CD8C047C5E2017
    SHA1:B4AA99B78D798028DF83B8438ABE237D19BF18BF
    SHA-256:2643B15F154A24CFFA2C1D782BC4A89D93E54795E56ED3648FA108EBA10CC008
    SHA-512:A77BBF7E427CE3B673199C79C78CFFE41B5DBF59F15223A28B59CCD1336C3CBDAED252FBD5A227706C9FA84B6ABB7E2D06C19335D9BAF0F4ACD2B7C86A93C8BC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........=%.|Sv.|Sv.|Sv...v.|Sv..Ww.|Sv..Pw.|Sv..Vw.|Sv..Rw.|SvD.Pw.|SvE.Vw.|SvD.Vw.|Sv..Rw.|Sv.|Rv.|Sva.Vw.|Sva.Sw.|Sva..v.|Sva.Qw.|SvRich.|Sv........................PE..d...P..d.........." .....>...........(...............................................V....`.............................................H...(...............0{... ...`..8)......8.......T.......................(...P...8............P...............................text...j=.......>.................. ..`.rdata..`....P.......B..............@..@.data....)..........................@....pdata... ...@..."..................@..@.dbld0..4+...p...,...&..............`..h.reloc..8............R..............@..@.rsrc................Z..............@..@........................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wsftfw.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:0802DADBDDB5E8832AD3DBCE8244CE98
    SHA1:B07A04A5BA11D236CC4B558B95464628B3F6F3B6
    SHA-256:CD90C15039C1C61CDC7C8A21E8D33D5567914986BCDC9303A72C00E754A14A08
    SHA-512:992F96C4E08150F70ED41FE1ECD782E041C5FCF1A2830305D4C6FB7D14D953E482CD632101C9FACC18B93E37A14433DDC92F55B15BD763744B5B40F0106E36BC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......]-*f.LD5.LD5.LD5.4.5.LD5.>@4.LD5K9@4.LD5K9G4.LD5K9A4.LD5K9E4.LD5.>G4.LD5.>A4.LD5.>A4;LD5.>E4.LD5.LE5WMD5.9A4.LD5.9D4.LD5.9.5.LD5.9F4.LD5Rich.LD5................PE..d....;ac.........." .........F.......5.......................................@............`..........................................O..H....P.......0......0{..@.......()..........H...T.......................(.......8............................................text............................... ..`.rdata...{.......|..................@..@.data....Q.......$...b..............@....pdata..@...........................@..@.dbld0..p....p......................`..h.reloc..............................@..@.rsrc........0......................@..@........................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wsfthfm.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:E20ABDF10035F1D00C362488CD944A1B
    SHA1:CB825F0B17A66B10852120337EACDB84FD5F377E
    SHA-256:A1BC78B81A683C365126B1237DF1AF10CE19710F4A247921269289965D631985
    SHA-512:878D3A4B732B01F5D24D9186A35620D8EBB07F726EDC30C83F63B2F4F2B8FBEE0A2F86C3B2896B50EB2473346EB45F7C47E386344A8E7C27DAD7BD1669A74DC3
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........O...!...!...!......!.a.%...!.a."...!.a.$...!.a. ...!.F."...!.G.$...!. ...!... ..!.F.$..!.F.!...!.F.....!.F.#...!.Rich..!.................PE..d....R$`.........." ..... ...V...............................................P.......!....`.............................................H.......|....@......0....Y......p.... ..........T.......................(...P...8............0...............................text...z........ .................. ..`.rdata.......0.......$..............@..@.data...XD..........................@....pdata...Y...P...Z..................@..@.dbld0...d.......f...b..............`..h.reloc....... ......................@..@.rsrc........@......................@..@........................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wsfthte.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:BDF559D597AAD5302E93017BFC2B94D5
    SHA1:B946481DE03286B17D78856D6D3802F255E41564
    SHA-256:F9791BA69339303BE8EAAB4C493E28E51AC9047B65CB1E5EBD3511CF1FD3A39D
    SHA-512:CD5D2EB531F412285C3D1772F232BFB11D27CD054AB99E6811B4C9C8AB46E0511CE961DC25F8F55F6173A3F6DB3A28B7CCC552E09709BC4727AFFDED239C4CEE
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........i...............pk......}.......}.......}.....................z.......z.......z.......}......Wz..............8}......8}......8}......8}......Rich....................PE..d......c.........." .....F...........E....................................................`.........................................0Y..H...xY..............0{...(...^..8)..........8...T.......................(.......8............`..P............................text....D.......F.................. ..`.rdata..H....`.......J..............@..@.data...8............d..............@....pdata...(...@...*..................@..@.dbld0...3...p...4..................`..h.reloc...............P..............@..@.rsrc................X..............@..@................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wsftms.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:31BE591B43A50D3D7E250D0C9923A314
    SHA1:A0211C0E4A29A3455A9E1BCCEEEA28F7EADCCE04
    SHA-256:CFBE3DAF7FFF18F78C26735F4B0E83BE6904DA5BDF2BCDDA4AB670AE8F0439E2
    SHA-512:302D47D37BCCE0D07840654676769D85F57DCAA0A137E1EB6B75F663AFE0006DD72FA15D67FF3DAD2D7FC1C02F550FBB2BBF1AD46572CAA59F64B8207C0ACB6A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........M..M..M..D.Z.Y.....E.....I.....T.....K.....A.....L.....J.....n.....J..M..C.....l.....L....6.L.....L..RichM..........PE..d......b.........." .....B...........K..............................................n.....`.........................................P..........,...........0+...6...(..h....p..........T.......................(...@...8............`...............................text...*@.......B.................. ..`.rdata...H...`...J...F..............@..@.data...8/..........................@....pdata...6.......8..................@..@.dbld0...A... ...B..................`..h.reloc.......p......................@..@.rsrc................"..............@..@................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wsftnmr.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:48ED3E437C64CBB9AE0ACFF64497C7A0
    SHA1:40CE53E52269C22B5D99B416FBFBCFB63DC12DFF
    SHA-256:38F7040B2C799AE54124DDB097E442C9986D2756075CD181F849F203101A4F5D
    SHA-512:D361D9931D245F44ABA14D1F37A83C5E2C8B11E144F1F349D712E5D807E8D24E5B44CA421E7D2F6A2A21258FD828F1F5AE5C854C372B1A6B7746B0ED4F8A60CB
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$............`..`..`.....`..d..`..c..`..e..`..a..`.Q.a..`..a.L.`..`..`.F.d...`.F.c..`.F.e...`.F.`..`.F....`.....`.F.b..`.Rich..`.........................PE..d.....e.........." .....L..........p........................................0!......<!...`.............................................8...H...0.... !.....0...0..... .8).... ..(...X..T....................Z..(...`X..8............`...............................text....J.......L.................. ..`.rdata.......`.......P..............@..@.data...pm...@.......&..............@....pdata..0............T..............@..@.dbld0..`........ ...j..............`..h.reloc...(.... ..*.... .............@..@.rsrc........ !....... .............@..@................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wsftpgm.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:5DFC7AA9BF8E5D19357CD8593166BE0A
    SHA1:004212D2EDA3F1CE520A1F66CD70C4DF886275B4
    SHA-256:7BC5089632D3E1F96F0977D499A338FC5576A04EC6212792C305814F5D6794CC
    SHA-512:9B2165590CEF6B65076CC8093A7C673D496D4E8F488E37EB62C3C4446EE153924B1C9C181750E0F5972F672E154B841A384E4BA9123F20BA4E3479238A24D5DE
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........H..............V.............................................6.......7..................._...6.......6.......6.:.....6.......Rich............PE..d....2.a.........." .....v...................................................`......c.....`.............................................8.......h....P......0...hy...........@.......'..T....................)..(...0(..8............................................text....t.......v.................. ..`.rdata...v.......x...z..............@..@.data...............................@....pdata..hy...0...z..................@..@.dbld0...............~..............`..h.reloc.......@......................@..@.rsrc........P......................@..@........................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wsftpp.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:2A31F4193690FD6163898C62A16396BE
    SHA1:D23959E134271DD764878837486E91456200E241
    SHA-256:D92BA39475D91924E6A8FD6F4789F2ECD3D5FEEDB35B28BFBBAD6C7C6C693404
    SHA-512:AFA5BB39702234B92D0D35B9CA92B5AFE73954BD228D10622FCED0FD52526B79E0318FD9B62E4CEBE0A6AEB8608B5EF3616691B0084C2417AC24F7089D4FD202
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........F.V.(.V.(.V.(._..F.(...,.^.(...+.R.(...-.O.(...).P.(...+.W.(...-.Q.(...-.t.(...)._.(.V.)...(...-.L.(...(.W.(....W.(...*.W.(.RichV.(.................PE..d.....Ud.........." .................d.......................................P............`......................................... ...\...|...,....@......0....H......8)... ..x...hF..T....................H..(....F..8............................................text............................... ..`.rdata...`.......b..................@..@.data....2...0......................@....pdata...H...p...J..................@..@.dbld0...T.......V...f..............`..h.reloc..x.... ......................@..@.rsrc........@......................@..@................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wsftprm.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:CD3C37A6EFC472F8A9190F53059C6450
    SHA1:98779B876E2AFA6A44CAA7C711DECD9070A69685
    SHA-256:5E80230D26686CED762CF7C509F576D1CE68E5DB19B575DCB9D146360415AF88
    SHA-512:A7ADD42E4281EBB94B05AB10A91C8B71A1406BF4A73C181AE19E79AD428BCACC79291408DFB4C2128EF589F40D2E68DC32D499E1337969A7D107FCAF1F73F2F7
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................r...............e.......e.......e.u.............e.......Rich............PE..d......e.........." .....P...@......@............................................... .....`..........................................'..H....'..,...........0...........8)..............T.......................(......8............`...............................text...sN.......P.................. ..`.rdata..h....`.......T..............@..@.data........P.......>..............@....pdata.......p...0...J..............@..@.dbld0...9.......:...z..............`..h.reloc..............................@..@.rsrc...............................@..@........................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wsftprm_w8.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:04B590DBBB45472D7ED2C169F58ED066
    SHA1:510DBAB046C761D53DB831B4609722913803A608
    SHA-256:3EDA583DE6740CF90D830FFEBC6103704C249687453B9A37E3B08958A4940884
    SHA-512:84142718F459DE486FFCD2F70B80CE1DB3D900382B31FF4C7028FC97E7346691F24DB641C9071B4FF7CABDCEEBB21E5FBABD643AD428E79BBFB1C15D42D24395
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+C.3o".`o".`o".`fZ+`a".`=W.ag".`=W.ak".`=W.au".`=W.ai".`.P.af".`.P.al".`.P.af".`o".`.".`.W.aI".`.W.an".`.WG`n".`.W.an".`Richo".`................PE..d......c.........." .........j......,=...............................................8....`............................................H...................0k...6...r..8)......x.......T.......................(...`...8...............p............................text............................... ..`.rdata..............................@..@.data....0.......$..................@....pdata...6... ...8..................@..@.dbld0...B...`...D..."..............`..h.reloc..x............f..............@..@.rsrc................l..............@..@........................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wsftscr.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:ED6DFFFF1DF15635029620C7CB3FC930
    SHA1:EB8BF2CC45487B19F976DE5080C2072CFAAD74EE
    SHA-256:D15FEE3C0DAC6C780E2818C435FAEF939C9D53CBADCAF13544B1CB02EDDFB6B1
    SHA-512:61295E898A8B10BE12B4DB02F7E4DAAD6C9EC9BAEB504AF44982EB057D76A1D88E5EBCBBB1F02573082A22960C6772130F6E124D0117F5A87B420D8452930564
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........3g..R...R...R...*...R...'...R...'...R...'...R...'...R... ...R...R..US...t..R...g..R...'...R...'...R...'...R...'...R...R...R...'...R..Rich.R..........................PE..d.....d.........." .....b...r......@+.......................................`.......Y....`.............................................H............P......0...D7......8)...@...... 4..T....................6..(....4..8............................................text....a.......b.................. ..`.rdata...f.......h...f..............@..@.data...X...........................@....pdata..D7.......8...^..............@..@.dbld0..tB.......D..................`..h.reloc.......@......................@..@.rsrc........P......................@..@................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wsftscruc.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:51C67956A8CF9C4285A020A3314AC72D
    SHA1:9F025BEAD6AFB71D2ADA7FD2C030E47AC249DD51
    SHA-256:E6F94FB3A3DBB2404524A82D37FF68C5E121BA3295A013A1FED371032A35E150
    SHA-512:DABEF30C52787435D7EEB84E51F665C489DA0D7AC0F0BD8B6BC4BD71CDE3C9793C8881F2AFA62C62085A9CE2B5536F8AADEE0D510DD2F18029EB153FF83E6BBC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L\...=..=..=..EN..=.ZH..=.ZH..=.ZH..=.ZH..=..O..=..=..<..H..=..H.[=..H..=..H"..=..=J..=..H..=.Rich.=.........PE..d.....d.........." .........T......`I....................................................`.........................................p...L.......,...........0[..0-...Z..8)...........[..T....................]..(....\..8............................................text............................... ..`.rdata..............................@..@.data....*..........................@....pdata..0-... ......................@..@.dbld0..`8...P...:..................`..h.reloc...............H..............@..@.rsrc................T..............@..@................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wsftstm.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D2AF8AB2B031AF80DC0D45E2905BDAD4
    SHA1:0242B2DC36706293C9ABE90DF1CD27F8DC99BF72
    SHA-256:C87008230971A094392254B6DD3648FF8FAE272CF85F6EB5973E7BF5918F8830
    SHA-512:BCF2EFDB1EC7361A07B087C3A7E678230A982F60615FE86B4C4DA0560DDD2E7B0917176B50437AD4D88787805718FE4EDF6F6FCDA1E71ECED2A62BE47E227DC5
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........#..lM..lM..lM......lM.v.I..lM.v.N..lM.v.H..lM.v.L..lM.P.H..lM..K..lM..L..lM..lL.+lM.Q.H..lM.Q.M..lM.Q....lM.Q.O..lM.Rich.lM.................PE..d......a.........." .....x...........:....................................................`.........................................P...H.......@...........0.... ...|..........`......T.......................(...@...8...............P............................text....w.......x.................. ..`.rdata..............|..............@..@.data...x....@......................@....pdata... ...P..."...$..............@..@.dbld0...+.......,...F..............`..h.reloc..`............r..............@..@.rsrc................v..............@..@........................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wsfttr.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:9758A232702EA99F874C9893BF69595D
    SHA1:8CD63B824D6C2B47A54828D3576EB3A288CBE290
    SHA-256:526AF910124D260A2F5E839AB22B8360799A3D9AEDCE84AECDA778E9B42AF062
    SHA-512:7BBBCB924A66F9D5D0EB8D155B434100E67D7E800C002B648726BFDC8548EBDB6BDFABB663DFBAF4D1C2BBD71869955483916102219B972AD6198AB0F868715C
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......FOq....M...M...M.V.M...M._.L...M._.L...M._.L...M._.L...M.\.L...M.\.L...MYF.L...M...M...M.\.LA..M.\.L...M.\.M...M.\.L...MRich...M........................PE..d.....%`.........." .................e............................................../Q....`..........................................m..H...Xm..@...........0;...Q...`..p...........$...T.......................(.......8...............h............................text............................... ..`.rdata..............................@..@.data...x4..........................@....pdata...Q.......R..................@..@.dbld0...]...0...^..................`..h.reloc...............D..............@..@.rsrc................Z..............@..@................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wsftui.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:952CC0EC8FC0413F6F3D5BCC428A1131
    SHA1:C10BF96465E6711FF5163EEFCA8244886B6B56EB
    SHA-256:C19C617A2ED0F4FA42EC952D1644D03B31F53F5A2D17EFA8B52833BA132C11BB
    SHA-512:5FAAFF79F07B41B3B551AA3DEFED9AA5F3DF312E4EF7ED632586FEE82AF9772DA90F3A840573C69958555013C60C043B2B12615292282C20C729727C7508C1DA
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........FJ..J..J..C...Z......B......N......S......L.....K.....M......E..J..G.....;.....K...|.K.....K..RichJ..................PE..d.....a.........." .....N..........\N...............................................G....`..........................................g..H....g..|....p......0...T<...0.......`...... ...T.......................(.......8............`...............................text....M.......N.................. ..`.rdata..N)...`...*...R..............@..@.data....5...........|..............@....pdata..T<.......>..................@..@.dbld0...G.......H..................`..h.reloc.......`......................@..@.rsrc........p.......*..............@..@........................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wsftup.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:0757B6C67F82593B06FEED98CD3837FA
    SHA1:4D672F6F4580A3B3ACCC19751632492C555B4C40
    SHA-256:84259DCDFF4344AA18D44701CA407C6E041F488D44877403C5E41C5467A1027B
    SHA-512:308A6A2E3072553E5A80FF57727EF1386C3CD348FF2659067F51D43DB7C38F94B2007235ED4D523D25D07A66F30BD2C66CFBA8794EDD57BD856DDB7660BECE7B
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........v...........................................k.......j.......k......k......!.............N......N......N......N......Rich...........PE..d......c.........." ......... ......`................................................x....`.............................................H.......|...........0K..L....v..0)..........h...T.......................(.......8...............P............................text............................... ..`.rdata...d.......f..................@..@.data...`V...P.......0..............@....pdata..L............L..............@..@.dbld0..|....@......................`..h.reloc...............Z..............@..@.rsrc................p..............@..@................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wsftwm.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:0F1E85FD7FAB83C31E77CA82FE568369
    SHA1:C7DDF60ABF478904D973E160FFD9BF07EEC366C4
    SHA-256:43CD5B65058602CE00D297913C3C22B31A26A7AF215F55A81DA51157B1921CCC
    SHA-512:A888F8191620555F4367F7B8C7E91194ED5CB1511CF94B53F2C0D42AE7F2EBA43BD84AE0D91813B8FEA1F4ECFB99D697B334DA18A7A2E0F587905682EDA77A5E
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......FXN..9 ..9 ..9 ..A...9 .H%..9 .H$..9 .H#..9 .H!..9 .K%..9 .YQ!..9 ..9!.9 .K%..9 .K ..9 .K...9 .K"..9 .Rich.9 .........PE..d...ks.a.........." .....$...................................................p............`.............................................H...........`......0+...............P......Hf..T....................h..(....f..8............@...............................text...\".......$.................. ..`.rdata.......@.......(..............@..@.data...............................@....pdata..............................@..@.dbld0..0)... ...*..................`..h.reloc.......P......................@..@.rsrc........`......................@..@........................................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wslbbpp32.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:34941DDCE95DACB81F2BE2085FD684D5
    SHA1:AC9E6806F160F8B969A2DCB0C2274FDF430BABC2
    SHA-256:ED7F06021CF8C51E328A0B1C7EA81B70858F85051E1231EC6EDE371287B42913
    SHA-512:6D3E624C8E62D12136A0CCF83F4DC1625FF6C430C9F8AB920ABAF6E9E88BA299EF140601F3C0DBB9EDDF1A369AEFF862B69364B1EA7908F8F6DB298F674CAD2F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........{....o..o..o.Lhl..o.Lhj...o.Lhk..o..ok..o..ol..o..oj..o..o..o..hj..o.Lhn..o..n.X.o.#oj..o.#oo..o.#o...o.#om..o.Rich..o.................PE..L...F}.c...........!.....4...................`............................................@.........................p...P.......x...................."..8)...@..l0..8...T...............................@............`...............................text....Q.......R.................. ..`CODE..../....p.......V.............. ..`.rdata..h|...`...~...8..............@..@.data...l...........................@...DATA....0...........................@...BSS.......... ......................@....dbld0..0....0...................... ..`.reloc..l0...@...2..................@..@.rsrc...............................@..@................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wslbbpp64.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:19A81A67C358192F4F0A6EBF066C6370
    SHA1:3CBCF908340D6A19EBFE52EA5844288B0D6D9A03
    SHA-256:126B1D7C5DC1B283DAE236ED61023EFE0DA7377E98D5F3236EDB8F5960D9C445
    SHA-512:EB8007E6E9EA57818F718E3428FA9FB7D31AA1FA6837E84406AC0FF15D76702D449F2FD5272BE7EA251EE66034D9F0F2760CC93349E2681AA8CB29AE14270D8F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......8h..|..J|..J|..J.{.Kr..J.{.K...J.{.Kn..J.|.Km..J.|.Kv..J[.J~..J[.Ji..J.{.K~..J.|.K9..J|..J...J.{.Ku..J.|.K}..J.|.K}..J.|.J}..J.|.K}..JRich|..J........PE..d...0}.c.........." .....P................................................................`............................................P...@...P...........0....&......8)......\....f..T....................h..(....f..8............`..0............................text....O.......P.................. ..`.rdata...K...`...L...T..............@..@.data...............................@....pdata...&...p...(...4..............@..@_RDATA...............\..............@..@.dbld0...2.......2...^..............`..h.reloc..\...........................@..@.rsrc...............................@..@........................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wslbdhm32.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:44EEA9E20C558ACDECF4CE8CFBA4A18A
    SHA1:11569F9A737B3FEE63929941D0F3702BE9FA3BD2
    SHA-256:DDC3581FAADA95DD5E5293B57F37B1792E36E4F6140D0C22695DF4224FAA60C7
    SHA-512:55E0E791A767B84B474CF63EB3C1ACF5AB875E90C3E9E707AB72F9D73E03D40125A7E4C711C647DD74909B4352D22C8381E82917F67EDF3E18D4391D07D87B48
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*vHBn.&.n.&.n.&..e%.~.&..e#...&..e".y.&.<b".a.&.<b%.x.&.<b#.".&..e'.c.&.n.'...&.n.&.o.&..b#.s.&..b&.o.&..b..o.&.n...o.&..b$.o.&.Richn.&.........PE..L...7.ee...........!.....d...............................................................@.........................0...L...|........................j..8)...p..<[......T...............................@............................................text............................... ..`CODE..../........................... ..`.rdata...`.......b...h..............@..@.data....&..........................@...DATA....0....0......................@...BSS..........P......................@....dbld0..0....`...................... ..`.reloc..<[...p...\..................@..@.rsrc................d..............@..@........................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wslbdhm64.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:4C53971AE3361B42E4681AADBC5B5BB8
    SHA1:0DAB8CB3B02A4EA178E9DD20E66AFF561B29106A
    SHA-256:EF5B2B272228398842F2832B8BF397263DD1FB3CD1057E9632BCD177D2A7EF0F
    SHA-512:2FE42BE28C1E9CE5996FC331F0354A6D5CC898A97EB3CEBBB0DBE645D86E6688CBF5A8677C5AF98F248D8329E7A3C3E10EB1A830FEFE5F09E158254BFE45AAB5
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........}.._..X_..X_..X.n.YQ..X.n.Y...X.n.YL..X.i.YO..X.i.YU..X.i.Y...X_..X_..X.n.YT..Xx..X]..Xx..XJ..X.i.YB..X.i.Y^..X.iBX^..X_.*X^..X.i.Y^..XRich_..X........PE..d.....ee.........." .....d...T......$...............................................10....`.........................................@...L.......x....p......0....S......8)...P..L.......T.......................(...0...8............................................text....c.......d.................. ..`.rdata...!......."...h..............@..@.data...L...........................@....pdata...S.......T...*..............@..@_RDATA...............~..............@..@.dbld0..L^.......`..................`..h.reloc..L....P......................@..@.rsrc........p......................@..@........................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wslbhte32.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:5E93E74DE3182113CE768BFC57F37594
    SHA1:2F6F2B7AD8D263AF012E8B430CCAF229F3651B66
    SHA-256:1BEB744E232A03314A33EDCCEFC600CB6696509B4324AE0B00FE4CDB6AAC5936
    SHA-512:E261C32968F56A486D7246E93494AD0629E5B57C15D9E582777C58B17EA6A5DD57FB33D3A6CEA7CAD28C5EA078A3C7D8A4652CF6B54F91CB4186B3078842AE4D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$..........)...z...z...zS..{...zS..{"..zS..{...z...{...z...{...z...{..z...z...z...{...z...{...zS..{...z...zE..z<..{...z<..{...z<.@z...z<..{...zRich...z........................PE..L...Q..c...........!.................N..............................................|.....@.........................`...P.......x....................0..8)...0..(E...~..T............................~..@............................................text............................... ..`CODE..../........................... ..`.rdata..............................@..@.data...............................@...DATA....0...........................@...BSS.................................@....dbld0..0.... ...................... ..`.reloc..(E...0...F..................@..@.rsrc................*..............@..@................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wslbhte64.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:E911A0D0D2249F06D7E6C470E777C26B
    SHA1:F51EB473E1B079E68686F0AA6105D9084B354822
    SHA-256:86E3C6505350A689E2AE2580ADCA064A6B7CF72B32843C99554C840E168E6294
    SHA-512:EB90F2E639E545A31C10C53FE2C37346E57088FF8A5BD968C372F3315545318B6E8CAA1C78D3B2519275CD5E00B9860F705570418F2C73420B72A1CCEB123C40
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$............e.].e.].e.]c..\.e.]c..\.e.]c..\.e.]...\.e.]...\.e.]...].e.]...].e.])..\.e.](..\.e.]...\.e.]c..\.e.].e.]he.]...\.e.]...\.e.]...].e.]...\.e.]Rich.e.]................PE..d...a..c.........." .....h................................................................`.........................................@1..P....1..d...........0k...?...f..8)..............T.......................(.......8...............X............................text...?g.......h.................. ..`.rdata..J............l..............@..@.data.......P......................@....pdata...?.......@..................@..@_RDATA.......P......................@..@.dbld0...J...`...L..................`..h.reloc...............R..............@..@.rsrc................`..............@..@........................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wslbij.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:B4AE5BAC36DE2533C12B8A28EB930A37
    SHA1:608C5C8C79E3FFC6C27BD5CB1336807CCBBDF23B
    SHA-256:8EE2E6DB683DBAB7FC70E319A9EA5061182401E6F86F2C3023848F36847FC6E2
    SHA-512:0A399841216ADE08D2DFDB7D6A5E7748173E00EF14D72DC09A108BC31FC6AC643B45448E7F9E1EF88E4CA9E905865F0FF9887846E9F5C6B1F4269517A282BF1D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!M.!e,.re,.re,.rlTPru,.r7Y.sm,.r7Y.sa,.r7Y.s{,.r7Y.sc,.r.^.sl,.re,.r.-.r.Y.sf,.r.Y.s,,.r.Y.sd,.r.Y<rd,.re,Trd,.r.Y.sd,.rRiche,.r................PE..d....".e.........." ................<n.......................................@.......9....`.........................................@[.......\..,....0......0{..........8)... ..0....|..T....................~..(... }..8...............(............................text............................... ..`.rdata..............................@..@.data...x4...........~..............@....pdata..............................@..@.dbld0..L....p....... ..............`..h.reloc..0.... ......................@..@.rsrc........0......................@..@........................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wslbij_w8.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:AE9834AF0F400593E6E3A9D170AC5AD0
    SHA1:EAA3C138CC87DD623A71DBF06F6651304AA08265
    SHA-256:95D61333338505B5532592FEA102869703840BE3412355A466E15DE8503690ED
    SHA-512:9FBA1C458BB350F87BB7C0DBB21A17DA677A93B2E200A27F7F2F92008E82D4FA7E7DCCD11A8C80F5B5255ED70C2A630F11B40535DDE3ADAAFECC829BAC60164B
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......~e.F:...:...:...3|p.*...hq..2...hq..>...hq..<......8....../....v..;....v..8....v......hq..$....v..=...:...~....q..+....q..;....q..;....q..;...Rich:...................PE..d.....cc.........." .....d..........<z....................................................`.........................................0F.......F..............0[...!...2..()..........H...T.......................(.......8...............0............................text....b.......d.................. ..`.rdata..v............h..............@..@.data........p.......N..............@....pdata...!... ..."..................@..@.dbld0...,...P......................`..h.reloc...............&..............@..@.rsrc................,..............@..@................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wslbllh.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:4396AB46F8AB2C31E0B165BCE195B2D4
    SHA1:4E64F14E1D5FF843DB9F67C37076EFCE9209AAC3
    SHA-256:5747D27844146866F132D7628C051A4BCB64F252A9082723C3C5B3D022078D33
    SHA-512:87980D64CD36CF045B181BE6804682B9E1E9AC31EEB5D1A3B4F2A757B0E936566E2DB066D67EBBA32C5A88B3EE1220D872A8DA9A6B4DB4AD08AB9DDE234585E7
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............|...|...|.......|.$.x...|.$.....|.$.y...|.$.}...|.......|...y...|...}...|...}.(.|...y...|...|...|.......|...~...|.Rich..|.................PE..d...Pp;a.........." .....l...............................................................`.................................................H...............0k..D....V..........P...H...T.......................(.......8............................................text...Wk.......l.................. ..`.rdata...............p..............@..@.data....+..........................@....pdata..D....@......................@..@.dbld0..t$...`...&... ..............`..h.reloc..P............F..............@..@.rsrc................P..............@..@........................................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wslblsei.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:44DE7324322A0BE218C4B8BECA4C936B
    SHA1:F12DB9AE93852DBE960938640EC3E8B0B7B241B4
    SHA-256:1154EF1E85E292FD362DDE93123934E8E92BF4DDA71B7B5AC214AF0FF3872B1D
    SHA-512:64A04CB0150C974773A38E2F62D17CB8AA10E2F7AD6866256D9FB411F07826F449A3F61AF4BE81A66E15639B6E441BC059778915BE80D4D1C8D5761203DB04B3
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........k...8...8...8.|8...8...9...8...9...8...9...8...9...8...9...8...9...8...8I..8...9...8...9j..8...9...8...8...8..x8...8...9...8Rich...8........................PE..d...k ne.........." .....B...........r...................................................`..........................................<..<...L<..............0K...i...j..8)..........P$..T....................&..(....$..8............`..@............................text...l@.......B.................. ..`.rdata.......`.......F..............@..@.data...PR...p.......T..............@....pdata...i.......j...p..............@..@.dbld0...t...@...v..................`..h.reloc...............P..............@..@.rsrc................d..............@..@........................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wslbmid.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:A8E0EBB5FB5644725C3AFD55CFF3D8FC
    SHA1:1D2B793B77633BFFBC916107838F1B0BDF9315CE
    SHA-256:1C4C1CA2B64EA0F4FDA3E074D8CA135A9A581EF276B79869F4BB568F7A88D987
    SHA-512:6A42B1B11E27C05EF06E9E28E5EDE2EDBD85C22A6CA3D917451991B3549900D8EEC0D585429C071B587853FA4742A7AB49CBCD7CCD1EDF7A3689FB411ED7785A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........|n{Z..(Z..(Z..(Se.(L..(.h.)R..(.h.)^..(.h.)C..(.h.)\..(.o.)W..(.o.)[..(.o.)y..(.o.)W..(Z..(m..(.h.)...(.h.)[..(.h.([..(.h.)[..(RichZ..(........................PE..d......c.........." .........8.......$...............................................5....`.........................................@#.......#..|...........0...8X...&..8)...p.......J..T....................L..(....K..8............................................text...W........................... ..`.rdata.............................@..@.data....J...P.......6..............@....pdata..8X.......Z...P..............@..@.dbld0..hc.......d..................`..h.reloc.......p......................@..@.rsrc................ ..............@..@........................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wslbscr32.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:6C05852375CCA4772D001A096E0B92CF
    SHA1:91967307B15D17B09F635B4ECC7D5CE3540E37F9
    SHA-256:95B65ACF16F3D0ED8F4EBEC8B205CB2F7DC6DD232DAAC74695FECC37C2B99F61
    SHA-512:F9E99DF9B2B861D9F07500320001C3ACDC4FB1709AB558EF05130FCB234BDEEE263F780667CD575FE88E4BA923BB48004326761146BE4720A3944030D07B5DD2
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......|,.8M..8M..8M...?..+M...?..M...?.. M..j8..7M..j8.. M..j8..tM...?..3M..8M..9L..8M..9M...8..GM...8..9M...8W.9M..8M?.9M...8..9M..Rich8M..................PE..L....8.d...........!.........*...............P......................................W]....@.........................@(..P....(..x.................... ..8)..........{..T....................}.......|..@............P...............................text...kK.......L.................. ..`CODE..../....`.......P.............. ..`.rdata.......P.......2..............@..@.data....f...@... ... ..............@...DATA....0............@..............@...BSS..................T..............@....dbld0..0............\.............. ..`.reloc..............h..............@..@.rsrc...............................@..@................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wslbscr64.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:8748D16CAB891C167A264F497CC1FC17
    SHA1:C1C4641D623626A58DDC42D051155908AB0F9A74
    SHA-256:4F709F65BDEC644129FFE16422EFB956AD18C5AADF057EBB1600D4FA0C3203A5
    SHA-512:84D590828EFD6037331C749F81B7171CA2389CE4DCBCFC1A60993C3EB469D54FB45D006DB910EF69ACD7B7530E53E393D9A6EC8DED88B77C82E1F0A993E3BC9F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......6...r..Rr..Rr..R..S}..R..S..R..Sa..R .Sb..R .Sx..R .S"..R..S{..Rr..Ra..RUZ.Rp..RUZ.Rg..R..Ss..R..S...R..Ss..R..bRs..Rr..Rs..R..Ss..RRichr..R................PE..d....8.d.........." ................<........................................`...........`.............................................P.......d....P......0....y......8)...0..D.......T.......................(.......8............ ...............................text............................... ..`.rdata..v.... ......................@..@.data...............................@....pdata...y.......z..................@..@_RDATA..............................@..@.dbld0..............................`..h.reloc..D....0......................@..@.rsrc........P......................@..@........................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wslbscrwh32.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:EDFD1F3FF9E57551AFC50D1477A94F57
    SHA1:CC0BD2E0613057B570726A814120272C72C1DAB7
    SHA-256:B27EADBE44167F79FFB741DDF8AA46E92D5A3E6A281FE763EDE03E92A5C86CBD
    SHA-512:3C2226688CD06AC7C29D5E5F8C94DA519B4EC558A73B9311BBAD9CD85245091C1B2446149785DAA1707B0AFC13A7F05A1B8C642B74A5A76472AA988B7E44C152
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+...o...o...o......|.............w...=...`...=...w...=...&......f...o......o...n......:......n....1.n...o.Y.n......n...Richo...........PE..L......d...........!.....`...................................................p......K.....@..........................#..\...L$..d....`..................8).............T...............................@...............H............................text...K|.......~.................. ..`CODE..../........................... ..`.rdata..P............d..............@..@.data....K...@... ..................@...DATA....0............<..............@...BSS..................P..............@....dbld0..0............X.............. ..`.reloc..............d..............@..@.rsrc........`......................@..@........................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wslbscrwh64.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:EFA72299DB3870D4BD5E10E52424C9C4
    SHA1:9A04CD42E00B5AA13CCB94AAD9E765C3F0535E43
    SHA-256:A517F929835F49A3BBA68209BD2F2ED302B2C31B2BDC050EB20416E27D74B9FC
    SHA-512:3CFA22734E119FF2E4D3E29F5A6C818EF630D161DC07F139F52B5AE20D1F921FAC62D1A27622478DB6D4EC2C17582BC7A7BDFF4196BA17B5FCB7F79013996B72
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$........._...1...1...1.0.2...1.0.4.O.1.0.5...1...5...1...2...1...4...1.0.0...1...0...1...L...1..._...1.'.2...1.'.4...1.'.1...1.'....1......1.'.3...1.Rich..1.........................PE..d.....d.........." .....p...".......;.......................................P......Tt....`.............................................\.......P....@......0....n......8)... ..0....,..T.......................(...`,..8...............h............................text....o.......p.................. ..`.rdata...............t..............@..@.data........0......................@....pdata...n... ...p..................@..@_RDATA...............2..............@..@.dbld0...y.......z...4..............`..h.reloc..0.... ......................@..@.rsrc........@......................@..@................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wslbuan.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:30D3F2DCFA561495C0B8C3BF59FB6E1C
    SHA1:6043C9AD85DD4D600A8DE2DEB3D3DB1B534EFABC
    SHA-256:8CA3571913235917D44DCED9D726C424839703CB64D2D782D0ED8B03EB45559D
    SHA-512:0BE2C4DC5763ACCD4A7B527F7EB58C297E1B46527ECE5E05C55FF5384E33A32FC467F965C34C6C632FE71828A878271A2CE8344AC1F407FF19D8399038601998
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......P.<...RU..RU..RU...U..RUF.VT..RUF.QT..RUF.WT..RUF.ST..RU..RU..RU..VT9.RU..QT..RU..WT..RU..WT6.RU..SU+.RU..ST..RU..WTm.RU..RT..RU...U..RU..PT..RURich..RU........PE..d...._.c.........." ......".........,A .......................................0.....#.0...`.........................................0g,......h,.......0.....0....c...:0.8)...@0..q..Pi*.T....................k*.(....i*.8............0"..............................text....."......."................. ..`.rdata..4]...0"..^....".............@..@.data.........,..t...z,.............@....pdata...c...`-..d....,.............@..@.dbld0..Dn.......p...R..............`..h.reloc...q...@0..r..../.............@..@.rsrc.........0......40.............@..@........................................................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wslbvpsp.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:0ED61628236C34D036D9C94C3A66FD98
    SHA1:40890C1D86FE2B9E4B20A8C92ACA7B992B765FC8
    SHA-256:BDE83AF2484BFD7672F38648F2868DB825B1A2BA225D4C43031405828ED63836
    SHA-512:E6902E7993A53888598116BE261B8D7CAD76E1AFD613DAC0838E4730E459F1A47C7ADEEC1ACB4B80023C05BA41761318ECB19CFD69A41B71A84CE7365D47C8D7
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...........................C......C......C......C......d......e.............j.........]..d......d......d.n....d......Rich...........................PE..d.....%`.........." ................:.2......................................0I.....OPI...`..........................................&......( 0.,.... I.......H..E....H.p.....I.......H.T...................p.-.H.....H.8.............3..............................text............................... ..`.rdata..`...........................@..@.data....#...@.......*..............@....pdata..0....p.......2..............@..@.dbld0....&.......&..L..............`..h.dbld1..p....p)......().............`..h.reloc........I.......H.............@..@.rsrc........ I.......H.............@..@................................................................................................................................

    C:\Program Files\Topaz OFD\Warsaw\wstlcup.exe (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (GUI) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:01ECAA29A7BCB0136F085C510806F16B
    SHA1:B7CA58DF2E3EA1FE4687CB78F6576D832E834B0C
    SHA-256:EDE6537C7D630DD9A906EEF36F8E71FB980362A4A39C190D07F9393660F743D7
    SHA-512:B72C258EF032CE74358B078C216A5746B284A9A5EB3A14A7350404BA53899BA7D7CC5EB76EC2F39CE8307A407CDF12695CF1AD8DF5F23C89259E4EFAC954A3E6
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........._.n1..n1..n1...5..n1...2..n1...4..n1.4.5..n1.4.2..n1.4.4..n1...0..n1..n0..n1...4..n1.....n1...3..n1.Rich.n1.................PE..d....I.a.........."............................@.....................................s....`.....................................................<...........0...`.......h.......p....g..T...........................0h..8...............x............................text...P........................... ..`.rdata..............................@..@.data................v..............@....pdata..`...........................@..@_RDATA..............................@..@.dbld0..............................`..h.reloc..p...........................@..@.rsrc...............................@..@................................................................................................................................................................

    C:\ProgramData:chnpbmzkyg

    Download File
    Process:C:\Program Files\Topaz OFD\Warsaw\core.exe
    File Type:data
    Category:dropped
    Size (bytes):136
    Entropy (8bit):5.737195662126343
    Encrypted:false
    SSDEEP:
    MD5:7305335590C6EFE8F075AF1E1F3B9AC8
    SHA1:25E8028EB8174401BE2A92838682B41E832AB913
    SHA-256:40CD5DD8E949FFB961C94FB50D64542DFFC000387D2D105C37AF36323974DD7D
    SHA-512:BD56DBA4C0FA50D0BFAC03D2F08C524F5E4826DB0AECC86062F39068F005FB3A9700CBD0003989F92AC6F7FCBE3BBD25829FAA4C342F66BEDED65FBCCD4DEC4E
    Malicious:false
    Reputation:unknown
    Preview:Ws!?....+..................................\.....@PP0..@Cm.\.Z.."b...J.Wzf........`...a#N..s.w&.H.T......E..%...b.........:....=5..

    C:\ProgramData\Temp\_cd\.hcd

    Download File
    Process:C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exe
    File Type:data
    Category:dropped
    Size (bytes):868
    Entropy (8bit):7.729120741641195
    Encrypted:false
    SSDEEP:
    MD5:BA9F403A2FB859D6087B63794A237560
    SHA1:018ED0FF5AA348CD56A4E6AAD5DB205FBCDDB2F9
    SHA-256:44A750263DE24FA4B651B790AC9B46190D27E5EEB869548C497C3DCC2173502C
    SHA-512:1307599C3967B8EA88EE0BFCB30EF0B069AD45AEF63FD45A2474E431FC68F0D440B601DA30EC18A7F5D63A78237E6B939B1E9A05EFF836C8AC121DAE77A3E791
    Malicious:false
    Reputation:unknown
    Preview:Ws!?*...............X.l....... `.p.h<<..O..;+.x...S.>.}W..sk....Jp...|..F....W.I.../..~.&....t2av.._.Q...c.#.~.........~M.a...B.\....y&2.{...m.[.N.....al^.=.n.$'%.....V..R.g....t.E."6dk.WE..!..;<X......$.{'.h.{.kO.*.....c.ztF.Z.b.o.....#.W..?..^>.w.N|.....4..-+.....~...*.......w.O`.Vx..H.....)k.#..........,.[QY..m...[...2._.F..CA....G$.X?s._.A...........-J..p|...`)y....4@..j~.-...,.O....NK;c..Np.=.Q.........S..A.fj.>.w...[.......M.4YAH...vpL!.....rAm,.......P..r.(..p+J..............j!.'bS.P..@...d...CW..........w5.3....B?...o9..[...yZ..ef.Z..!.-\.ROGy.@.X..lxd..S%.k...q.. ......x.....gX\yr.y....s..'=BJRE...*..^..4.h.m.LV...zl..q.K..t..a.c....z@S..."3..o.3...I4b.._v.yeq...-..d....`.....sY.d.=K".*.(.~f-ev)d..p"z.;...m-.xk....b.kz.I.]o.....H=....}L.......4.......bc.t2..Y.E.#..4.......v...)J...k..a..WM...

    C:\ProgramData\Temp\_cd\589e49d4745d647094694c4d7b625bc5.wtcf (copy)

    Download File
    Process:C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exe
    File Type:Certificate, Version=3
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:78F2FCAA601F2FB4EBC937BA532E7549
    SHA1:DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
    SHA-256:552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988
    SHA-512:BCAD73A7A5AFB7120549DD54BA1F15C551AE24C7181F008392065D1ED006E6FA4FA5A60538D52461B15A12F5292049E929CFFDE15CC400DEC9CDFCA0B36A68DD
    Malicious:false
    Reputation:unknown
    Preview:0...0..x..........W..!2.9...wu\0...*.H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G40...130801120000Z..380115120000Z0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G40.."0...*.H.............0..........sh..]J<0"0i3..%..!=..Y..).=X.v..{....0....8..V.m...y....._..<R.R....~...W.YUr.h.p..u.js2...D.......t;mq.-... .. .c)-..^N..!a.4...^.[......4@_.zf.w.H.fWW.TX..+.O.0.V..{]..O^.5.1..^......@.y.x...j.8.....7...}...>..p.U.A2...s*n..|!L....u]xf.:1D.3@...ZI...g.'..O9..X..$\F.d..i.v.v=Y]Bv...izH....f.t..K...c....:.=...E%...D.+~....am.3...K...}....!........p,A`..c.D..vb~.....d.3....C....w.....!..T)%.l..RQGt.&..Au.z._.?..A..[..P.1..r."..|Lu?c.!_. Qko....O..E_. ........~.&...i/..-............B0@0...U.......0....0...U...........0...U..........q]dL..g?....O0...*.H..............a.}.l.........dh.V.w.p...J...x\.._...)V.6I]Dc...f.#.=y.mk.T..<.C@..P.R..;...ik.

    C:\ProgramData\Temp\_cd\8709caecdc1b32d6decf74ca8a4fd123.wtcf

    Download File
    Process:C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exe
    File Type:Certificate, Version=3
    Category:dropped
    Size (bytes):1428
    Entropy (8bit):7.688784034406474
    Encrypted:false
    SSDEEP:
    MD5:78F2FCAA601F2FB4EBC937BA532E7549
    SHA1:DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
    SHA-256:552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988
    SHA-512:BCAD73A7A5AFB7120549DD54BA1F15C551AE24C7181F008392065D1ED006E6FA4FA5A60538D52461B15A12F5292049E929CFFDE15CC400DEC9CDFCA0B36A68DD
    Malicious:false
    Reputation:unknown
    Preview:0...0..x..........W..!2.9...wu\0...*.H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G40...130801120000Z..380115120000Z0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G40.."0...*.H.............0..........sh..]J<0"0i3..%..!=..Y..).=X.v..{....0....8..V.m...y....._..<R.R....~...W.YUr.h.p..u.js2...D.......t;mq.-... .. .c)-..^N..!a.4...^.[......4@_.zf.w.H.fWW.TX..+.O.0.V..{]..O^.5.1..^......@.y.x...j.8.....7...}...>..p.U.A2...s*n..|!L....u]xf.:1D.3@...ZI...g.'..O9..X..$\F.d..i.v.v=Y]Bv...izH....f.t..K...c....:.=...E%...D.+~....am.3...K...}....!........p,A`..c.D..vb~.....d.3....C....w.....!..T)%.l..RQGt.&..Au.z._.?..A..[..P.1..r."..|Lu?c.!_. Qko....O..E_. ........~.&...i/..-............B0@0...U.......0....0...U...........0...U..........q]dL..g?....O0...*.H..............a.}.l.........dh.V.w.p...J...x\.._...)V.6I]Dc...f.#.=y.mk.T..<.C@..P.R..;...ik.

    C:\ProgramData\Temp\_cd\88561e6508a6a0d226eac047f2994a11.wtcf

    Download File
    Process:C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exe
    File Type:Certificate, Version=3
    Category:dropped
    Size (bytes):955
    Entropy (8bit):7.34295278734559
    Encrypted:false
    SSDEEP:
    MD5:87CE0B7B2A0E4900E158719B37A89372
    SHA1:0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
    SHA-256:3E9099B5015E8F486C00BCEA9D111EE721FABA355A89BCF1DF69561E3DC6325C
    SHA-512:552CBDFBE33421B682AB9E42CAFE274E9D6F55EB971D18D0AB9E68D1E6FB715B0580EFECF84198A61A458D9F7656F4E485F2B2643D575F17269D613B95063407
    Malicious:false
    Reputation:unknown
    Preview:0...0................F...`...090...*.H........0e1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1$0"..U....DigiCert Assured ID Root CA0...061110000000Z..311110000000Z0e1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1$0"..U....DigiCert Assured ID Root CA0.."0...*.H.............0.............C.\...`.q....&...... 9(X`......2a<..(........z.....yS\1.*...26v...<...j.!.Ra. ......d..[_.X.5.G.6.k..8>...3../..(......nD.a5...Y..vm..K.+..r.`..5.xU. ...m..I|1.3l"..2Z......9...:r.......1u..}".?.F..(y...W..~......V.......?........_.wO......c0a0...U...........0...U.......0....0...U......E....1-Q...!..m..0...U.#..0...E....1-Q...!..m..0...*.H.....................rszd...rf.2.Bub.......V.....(...`\.LX..=.IEX.5i..G.V.y...g.....<..&, .=.(.._."...e....gI.]..*.&.x.}?+.&5m_...I[.....=%.....o...dh.-..B.....b.Pg.l....k.6...7|.[mz..F`..'..K...g*h....3f....n...c.....%ml...a...&..q......Q.+.....P....E/...

    C:\ProgramData\Temp\_cd\c054fe2fb26941c1a6cca23251b6efc3.wtcf

    Download File
    Process:C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exe
    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):29599192
    Entropy (8bit):7.994085378354122
    Encrypted:true
    SSDEEP:
    MD5:03FC2E9A9DD01245D1C9C678CAA19D94
    SHA1:7452F92484D2F51584B7D5A0C9EA4796580805BC
    SHA-256:452DFA55F156CFD2C7486E32234646E461CE0B63EA2E08F124DBC9186DC6BDC2
    SHA-512:AB24AEED3EE16DBB27D743B33C59835FF3245ADC2331706AE22BCE68508A8B024588F01AF771FC0DE5BC78BD0B2AD17DB2726589F11B4EB39E271EB75C8FF5CE
    Malicious:false
    Reputation:unknown
    Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......c.................R...^.......^.......p....@.................................P.....@......@...................@....... .......p...............|..8)...................................`......................."..T....0.......................text....9.......:.................. ..`.itext.......P.......>.............. ..`.data....7...p...8...V..............@....bss.....m...............................idata....... ......................@....didata......0......................@....edata.......@......................@..@.tls.........P...........................rdata..]....`......................@..@.rsrc........p......................@..@....................................@..@........................................................

    C:\ProgramData\Temp\cert_temp\cert2.cer

    Download File
    Process:C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exe
    File Type:Certificate, Version=3
    Category:dropped
    Size (bytes):969
    Entropy (8bit):7.313824244031315
    Encrypted:false
    SSDEEP:
    MD5:D474DE575C39B2D39C8583C5C065498A
    SHA1:5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
    SHA-256:7431E5F4C3C1CE4690774F0B61E05440883BA9A01ED00BA6ABD7806ED3B118CF
    SHA-512:7B9CF079B9769DFA9EB2E28CF5A4DA9922B0F80E415097D326BF20547505A6AB1B7AC6A83846D0B8253E9168B1F915B8974AEC844A9B31C3ADCAB3AEC89FCD07
    Malicious:false
    Reputation:unknown
    Preview:0...0............\&j.@...y.F%w0...*.H........0l1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1+0)..U..."DigiCert High Assurance EV Root CA0...061110000000Z..311110000000Z0l1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1+0)..U..."DigiCert High Assurance EV Root CA0.."0...*.H.............0...........s....--2...?..%I.q*..4g...._i.@.......AY:...<.t8.J.M%..J.S.8..Imq.~c..._...ObQ.....8........(AU..Z..~q.5.Mr.=.:8P[w1....$E...m..Z.....Q..AA"Nea..AP.y\...JW...].S,~......hs.4..\.q.Z|U.^d.7.0V....)...y9....|'f...x....8..d.f]....%..].P. ..A.n.Q8.K.......c0a0...U...........0...U.......0....0...U.......>.i...G..&....cd+.0...U.#..0....>.i...G..&....cd+.0...*.H....................<.f..W!.!G.*g...2v@.W...z..e.5...E...L1K...C,..x...Syq..!...U..$d..f..7.4.i.#.x"+pC.UG1a..X./N0..1.#...e.3....=..^.1.`..-..\R......._...|6c8.D...&+..i.....W..v..U.Hi.*.[.D. 1...p&].`..K../...Ch..'..\..!.h..<.....\.c..G.%'g.7...}T......w..J

    C:\ProgramData\Temp\wslog.dat

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
    Category:dropped
    Size (bytes):150535
    Entropy (8bit):5.03290822994199
    Encrypted:false
    SSDEEP:
    MD5:B86283C2BF5EA999496E037081D0911A
    SHA1:51CEC6226BBE9114998B576C0569D035C33B571B
    SHA-256:0470547F4FF4C3ACDDF0E8C4E187ACFC4A64C5E3E98FEC349F16395F880E2885
    SHA-512:B09F60D63D59740B8E82AA4EEC944B0116315B7D49D42669442F4B29C88B2D7D598DA1B528719E855994EC18C24B329F054390B328DA138724258471B4979CB0
    Malicious:false
    Reputation:unknown
    Preview:.2024-04-26 19:35:31.743 Log opened. (Time zone: UTC+02:00)..2024-04-26 19:35:31.743 Setup version: Inno Setup version 6.2.2..2024-04-26 19:35:31.743 Original Setup EXE: C:\ProgramData\Temp\gbpcefwr64.exe..2024-04-26 19:35:31.743 Setup command line: /SL5="$303CE,28710489,832512,C:\ProgramData\Temp\gbpcefwr64.exe" /verysilent /sp- /norestart /suppressmsgboxes /restartexitcode=3010 /nocancel /accepteula /log="C:\ProgramData\Temp\wslog.dat"..2024-04-26 19:35:31.743 Windows version: 10.0.19045 (NT platform: Yes)..2024-04-26 19:35:31.743 64-bit Windows: Yes..2024-04-26 19:35:31.743 Processor architecture: x64..2024-04-26 19:35:31.743 User privileges: Administrative..2024-04-26 19:35:31.853 Administrative install mode: Yes..2024-04-26 19:35:31.853 Install mode root key: HKEY_LOCAL_MACHINE..2024-04-26 19:35:31.853 64-bit install mode: Yes..2024-04-26 19:35:31.869 Created temporary directory: C:\Windows\TEMP\is-5L66I.tmp..2024-04-26 19:35:31.885 -- DLL function imp

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\deprecated.cookie

    Download File
    Process:C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exe
    File Type:ASCII text, with no line terminators
    Category:dropped
    Size (bytes):91
    Entropy (8bit):3.964980110923723
    Encrypted:false
    SSDEEP:
    MD5:99BDE3452748E34D6C50275110A6A8D4
    SHA1:E79CB2A8DB7D8490523529D3861F95BA73A20C23
    SHA-256:D07311ACF641866E7E84823D2962F593BB655792301DC61AD6F0C6869D9C5937
    SHA-512:19FD529C6FE60BBBE3710FED93F14D723A13AD427431F855ED84F5E5E496B9F3EB8A6E8C31D740239EB225753D52A4F464B489FDBDEFF4477480026263D0F691
    Malicious:false
    Reputation:unknown
    Preview:Cookies are no longer stored in files. Please use Internet*Cookie* APIs to access cookies.

    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db

    Download File
    Process:C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exe
    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 9, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 9
    Category:modified
    Size (bytes):229376
    Entropy (8bit):0.7370849519627923
    Encrypted:false
    SSDEEP:
    MD5:3D32079E36DDC7FCA47FC486F08DF39C
    SHA1:1922698D9B991C954B3162F528D34E546F2633E0
    SHA-256:F236632980203B5D8E07C01A6FAEA04935B7AD58EDED49BA86CD953C49B794E3
    SHA-512:50B1035258882E5FC76C61016EA64DDEA655904F45BC97F9DA55B5AEDFEE54866250C376959926B2C886A9075CD488A5B1997F1FED6AA6D74015F4DFAFE3323E
    Malicious:true
    Reputation:unknown
    Preview:SQLite format 3......@ ..........................................................................j......z..{...{.{j{*z.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal

    Download File
    Process:C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):66064
    Entropy (8bit):0.29459634241987154
    Encrypted:false
    SSDEEP:
    MD5:5439AECB028830D4B109DFB61336A758
    SHA1:1983B0F2F7413422D59FF52B9AC0E9C3B06BADE0
    SHA-256:65CADA0697535D590AC9C701EEDDD131F84E43ED945C6D883F2B39C48140C118
    SHA-512:F885188B8C3775EFBFF26FA74FA750E46207963E17DD30AA4FBAE272EE82DEB0E954F947D5FD3D5813ABD96A19BA1546D61F092F3A449AFBD3858C8E96CE3603
    Malicious:true
    Reputation:unknown
    Preview:.... .c.......Y...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................M..M.k.....R..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\key4.db

    Download File
    Process:C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exe
    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
    Category:dropped
    Size (bytes):294912
    Entropy (8bit):0.15237975382955252
    Encrypted:false
    SSDEEP:
    MD5:E6830B299FC319408807F7A594E06246
    SHA1:BBF3BD8C2A6E480C9811D6DC1836BF3A0BC6F33D
    SHA-256:F90D760AA92EF03CDADDF231881D41FEF644278B8D0C60FBBCDA83B8B016010B
    SHA-512:24754ADEE9C88EEAB8E19FD5D88FE3497C50E641D639555AFA26C54F49AC14F1EA3EC2FACD11B85AFD35C1E718371B578FA6CF4468B8F0BBC608A191EEF5FE13
    Malicious:true
    Reputation:unknown
    Preview:SQLite format 3......@ ..........................................................................j......z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\key4.db-journal

    Download File
    Process:C:\Program Files\Topaz OFD\Warsaw\wsffcmgr64.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):98840
    Entropy (8bit):0.22682850030024462
    Encrypted:false
    SSDEEP:
    MD5:1C76391B004FCC0159505A00D3A5B642
    SHA1:C3DD5C6EDAA04BFD708BFDD760444A02038F38E3
    SHA-256:14CC9BDB2BDAAFFB20F9907639F5E6CFCA57629A72C2E0A7C494ECB105467B64
    SHA-512:FF1DDEB39144B6719A69A8731B660219F925C8CE2FD26C90F3B7E773507A3C827E4D545661B002BC9F8F63CA69325688038F5A15FD5CF135E6A6540FED878455
    Malicious:true
    Reputation:unknown
    Preview:.... .c........>........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\Instala o do M dulo Adicional de Seguran a CAIXA.log

    Download File
    Process:C:\Users\user\Desktop\HABICO116N_2024-04-26_16_58_38.139\Device\HarddiskVolume3\Users\Habico\AppData\Local\Temp\MicrosoftEdgeDownloads\7fbe5683-d8bf-40f0-a123-f37dcb0001b0\GBPCEF (1).exe
    File Type:ISO-8859 text, with CRLF line terminators
    Category:modified
    Size (bytes):1740
    Entropy (8bit):5.221432116611889
    Encrypted:false
    SSDEEP:
    MD5:7F006043CE641AF36987E0F25A0E6345
    SHA1:5CDC705774AA72EA0E6E52B3C91369107F3EEEAD
    SHA-256:87CE4E089BA979C88AF35767EF3E748BD465F48C5974ED10ED8DC967A96B8F5A
    SHA-512:19947093F4703971013869E8072EA641E2C5652DB4D8DA24507E0AC91C1A04535FD2981CF91B37ED7B0AD8A9314A2CC9EFE143BD0001D98596A038C344F8F81D
    Malicious:false
    Reputation:unknown
    Preview:04/26/2024 19:35:16 INICIANDO.....04/26/2024 19:35:16 2.11.0.1..04/26/2024 19:35:16 Usu.rio: user(Administrador)..04/26/2024 19:35:16 Vers.o do Sistema Operacional: 6.2.9200..04/26/2024 19:35:16 64 Bits: true..04/26/2024 19:35:16 Vers.o do Firefox. 118.0.1.8670 ( 118.0 )..04/26/2024 19:35:16 UAC: Ativado..04/26/2024 19:35:16 Verificando se Firefox est. instalado.....04/26/2024 19:35:16 Firefox instalado, ajustando configura..es necess.rias.....04/26/2024 19:35:17 [Verificando Ambiente] Ok...04/26/2024 19:35:17 [Arquivo hosts] Verificando.....04/26/2024 19:35:17 [Arquivo hosts] Ok...04/26/2024 19:35:17 [Instala..o de certificados raiz] Verificando.....04/26/2024 19:35:17 [Instala..o de certificados raiz] Efetuando download do instalador.....04/26/2024 19:35:19 [Instala..o de certificados raiz] Instalando.....04/26/2024 19:35:19 [Instala..o de certificados raiz] Ok...04/26/2024 19:35:19 [Terminal Services] Verificando.....04/26/2024 19:35:19 [Terminal Services] Ok...04/26/2024 19:35:19 [

    C:\Windows\Fonts\dbldwrsw.ttf (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:TrueType Font data, 10 tables, 1st "OS/2", 15 names, Macintosh, Copyright (c) 2015, GAS INFORMATICA LTDA.dbldwrswRegularwarsaw-Bold-2015:2:13dbldwrswVersion 1.0
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:B22F5F6B7E721DA4061C8B719B586647
    SHA1:E15537908ACCAF1520830C66F992058024EE30C9
    SHA-256:FE1ADA3CCBD2455C30715C334593BBB17C2D93C98DB318814BBAC1ADBF46957B
    SHA-512:97C7534D17DBB0C7164957265C509763C4A2310A9A649C816F0A7580591627C35132B50C4C3294F29154531EC958CF6A235B309675EDDE0517797BD1844B5CEB
    Malicious:false
    Reputation:unknown
    Preview:........... OS/2@.?7.......`cmap...........^glyf............head...F...h...6hhea...<...P...$hmtx)..u.......(loca...,...<...,maxp...#...t... name\.{.........post..H........D...........G.G.....G.G...5.e.............................. .@. .w......................... ...........#.m...................................P.L.O.Z.glyph4.glyph5...........m.....z.........................#...........................d...f..........!.%!.!d...s..........p.)...........u...".................&&'&&&5466676&&'...'...4/ )1+.....!'....&0(.........u.........VeR.....{....r.r..GOA.OBo!....J.....t..........&66'%....%.%..*.y.....5...........21a..!R.b...|....Zk.k......?...G...........5.7....&&'.......>cQ.............I<3..........3.3.....7.....667.%........O...0.....................2.G........7.......#....81.......`H........_....E...L............,...,...,...,...............0...h............A^.._.<...........3........d.J...3.t...............d.....X...X...............i.r.m.`...................).............)..

    C:\Windows\Fonts\is-01DD9.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:TrueType Font data, 10 tables, 1st "OS/2", 15 names, Macintosh, Copyright (c) 2015, GAS INFORMATICA LTDA.dbldwrswRegularwarsaw-Bold-2015:2:13dbldwrswVersion 1.0
    Category:dropped
    Size (bytes):1864
    Entropy (8bit):4.69786751141092
    Encrypted:false
    SSDEEP:
    MD5:B22F5F6B7E721DA4061C8B719B586647
    SHA1:E15537908ACCAF1520830C66F992058024EE30C9
    SHA-256:FE1ADA3CCBD2455C30715C334593BBB17C2D93C98DB318814BBAC1ADBF46957B
    SHA-512:97C7534D17DBB0C7164957265C509763C4A2310A9A649C816F0A7580591627C35132B50C4C3294F29154531EC958CF6A235B309675EDDE0517797BD1844B5CEB
    Malicious:false
    Reputation:unknown
    Preview:........... OS/2@.?7.......`cmap...........^glyf............head...F...h...6hhea...<...P...$hmtx)..u.......(loca...,...<...,maxp...#...t... name\.{.........post..H........D...........G.G.....G.G...5.e.............................. .@. .w......................... ...........#.m...................................P.L.O.Z.glyph4.glyph5...........m.....z.........................#...........................d...f..........!.%!.!d...s..........p.)...........u...".................&&'&&&5466676&&'...'...4/ )1+.....!'....&0(.........u.........VeR.....{....r.r..GOA.OBo!....J.....t..........&66'%....%.%..*.y.....5...........21a..!R.b...|....Zk.k......?...G...........5.7....&&'.......>cQ.............I<3..........3.3.....7.....667.%........O...0.....................2.G........7.......#....81.......`H........_....E...L............,...,...,...,...............0...h............A^.._.<...........3........d.J...3.t...............d.....X...X...............i.r.m.`...................).............)..

    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log

    Download File
    Process:C:\Program Files\Windows Defender\MpCmdRun.exe
    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
    Category:modified
    Size (bytes):4926
    Entropy (8bit):3.2470570938906054
    Encrypted:false
    SSDEEP:
    MD5:B52CD0E8E3D35FC8B615D6DB1CF5E03C
    SHA1:44B3A8BB052B9446F7B45D0FB57C454D8C3535C6
    SHA-256:289BBB0AE90044EB61ABC8741EA98CECFB79632EC5673F4D8DBC66A7B480E071
    SHA-512:9BB4E4FC00E039E2D3FD611FE619403411FB576EFE2F1ADD5BD36073CC8D8A2265190BD5AF90834300F9FF666ECE9F02D28013B92F9D1AE077DEB83C1BF91ED7
    Malicious:false
    Reputation:unknown
    Preview:..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. F.r.i. .. O.c.t. .. 0.6. .. 2.0.2.3. .1.1.:.3.5.:.2.9.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .W.S.C. .S.t.a.t.e. .I.n.f.o. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .A.n.t.i.V.i.r.u.s.P.r.o.d.u.c.t. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....d.i.s.p.l.a.y.N.a.m.e. .=. .[.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.].....p.a.t.h.T.o.S.i.g.n.e.d.P.r.o.d.u.c.t.E.x.e. .=. .[.w.i.n.d.o.w.s.d.

    C:\Windows\System32\drivers\is-DAPBJ.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:Windows setup INFormation
    Category:dropped
    Size (bytes):2717
    Entropy (8bit):4.992903726311283
    Encrypted:false
    SSDEEP:
    MD5:E151A834C596224318A854DC05752E57
    SHA1:79666D9B0A405F35C3C08102EDC55ACB4CDF24F2
    SHA-256:A50FE78CDA1D916CDA6DBF8D3B70C9ABB6470C96ED2F30C834E7F113977DB6F3
    SHA-512:0473DB7FD21897DA90EC1EEF3DFBF1268EA996BE839936E92241D1C911B192B22BA674C93264D2F6F3965426C5B1C12897ED8CFBCC5ABEEF30EEB77E2E617E8E
    Malicious:false
    Reputation:unknown
    Preview:;-------------------------------------------------------------------------..; wsddntf.inf -- WinpkFilter NDIS LWF driver..;..; Copyright (c) NT Kernel Resources. All rights reserved...;-------------------------------------------------------------------------..[version]..Signature = "$Windows NT$"..Class = NetService..ClassGUID = {4D36E974-E325-11CE-BFC1-08002BE10318}..Provider = %Ntkr%..CatalogFile=wsddntf.cat..DriverVer=02/12/2021,3.2.24.1....[Manufacturer]..%Ntkr%=Ntkr,NTx86,NTia64,NTamd64....[Ntkr.NTia64]..%wsddntf_desc%=Install, nt_wsddntf....[Ntkr.NTamd64]..%wsddntf_desc%=Install, nt_wsddntf....[Ntkr.NTx86]..%wsddntf_desc%=Install, nt_wsddntf....;-------------------------------------------------------------------------..; Installation Section..;-------------------------------------------------------------------------..[Install]..AddReg=inst_ndi..Characteristics=0x40000..NetCfgInstanceId="{D84D0128-AE2D-4E27-800A-E030D4EF692D}"..Copyfiles = wsddntf.copyfiles.sys....[Sourc

    C:\Windows\System32\drivers\is-NNSG7.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (native) x86-64, for MS Windows
    Category:dropped
    Size (bytes):52104
    Entropy (8bit):6.818566722434744
    Encrypted:false
    SSDEEP:
    MD5:8F04FDAA9D5A7942738222A2F30ECB1C
    SHA1:5DB492113F2D1D63C14CBA28ADDD039C0FBD6119
    SHA-256:8D15A834AD6F7C5526A9F9DDE70F52C57CA8E0E9712E626FA281590DF35F140C
    SHA-512:5DBB029DBB6AC15DB2F12E45CDFCA4DF08E103495C2FC6C07EDFA49E8BECA7C92279EBF841A2019B94D20F101F5FB1C470E7C9C7DAC47ACD0D388AE0A492028D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........@,;s..;s..;s....)~8s......9s....(~<s....-~>s....*~3s..../~>s..;s/.rs....*~5s......:s....,~:s..Rich;s..................PE..d......e.........."......R...:......P0.........@..........................................A................................................0...P....... ....p.......z...Q......D....F..8............................F..8............@..@............................text...L).......*.................. ..h.rdata..X....@......................@..H.data........P.......>..............@....pdata.......p.......F..............@..HPAGE.................L.............. ..`INIT.................j.............. ..b.rsrc... ............t..............@..B.reloc..D............x..............@..B........................................................................................................................................................................

    C:\Windows\System32\drivers\is-O3BFN.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (native) x86-64, for MS Windows
    Category:dropped
    Size (bytes):51160
    Entropy (8bit):6.701339752288222
    Encrypted:false
    SSDEEP:
    MD5:B9B7FAF000643E516F75C9C990BB3C4F
    SHA1:74F8628C4D3F8A2E54B0C3BFF02B6C3A694323E7
    SHA-256:42CBF711832EAE6603C7802C46813B85BA892FF24667F431850D8339AF830031
    SHA-512:3C2226A18DD437F2E6F32CA09E08D2850B1DDBDCDF6A77E0A950708CABEB643A63EBFBB8825E76D9606291379788ACC4B2358257917D175E1AFC18B81C3841D0
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........e....O...O...OS.O...O...O...OS.O...OS.O...OmY.O...OmY.O...OmY.O...ORich...O................PE..d....."`.........."......l...........f.........@..........................................`....................................................<........................C...........q..8............................r..p............p...............................text...r\.......^.................. ..h.rdata..X....p.......b..............@..H.data...P............j..............@....pdata...............l..............@..HINIT.................p.............. ....rsrc................~..............@..B.reloc..<...........................@..B........................................................................................................................................................................................................................................

    C:\Windows\System32\drivers\is-QRBJL.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (native) x86-64, for MS Windows
    Category:dropped
    Size (bytes):41816
    Entropy (8bit):7.104877847721943
    Encrypted:false
    SSDEEP:
    MD5:8ECD5DDC5E020C660C8D4DEFB2F2F400
    SHA1:26612293F5571E255ECAFB3E137139C8473CBB71
    SHA-256:C58DA77D6640786F2371FFF7F58C681691B7FE75566A3621492814C79CD7D2B1
    SHA-512:3B5B136021FD213D00F454A6A29BF22C033143AF82BA9C03E38B5FDF5A4A7FF0B350722B3B7C9ADAFC05E8C50F1A845EB2A320E90AEB73BAA54B47E0B9EB9BC5
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&.-]bzC.bzC.bzC...D.azC.....`zC...B.azC.bzB.}zC...@.fzC...G.dzC...G.lzC.....czC...A.czC.RichbzC.................PE..d..../Id.........."......*...<......@,.........@....................................{T.....a................................................0...<.......`.......L....R..XQ......0....A..8............................A..8............@...............................text...*#.......$.................. ..h.rdata.......@.......(..............@..H.data...8)...P.......0..............@....pdata..L............B..............@..HINIT.................F.............. ..b.rsrc...`............L..............@..B.reloc..0............P..............@..B........................................................................................................................................................................................................................

    C:\Windows\System32\drivers\is-RQ3BD.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (native) x86-64, for MS Windows
    Category:dropped
    Size (bytes):55496
    Entropy (8bit):7.1828967583071
    Encrypted:false
    SSDEEP:
    MD5:E5E1434F9E4F327EE84C9F31B879FC2E
    SHA1:7ECA71AE2A4C0630B1AEEFBD4014A7DF43FAD5EE
    SHA-256:D50617ACC02AA84A7C6D0719CD334030DA1411CD2CA3440941AF081BF4830CB1
    SHA-512:F69E3A00BE6B19DD685DC67678F6D73E5CEA2D17E78DED0A242C12E665FD9F658A0233B082CE07FE6EA450FD3BE0A339605E8031A642841C1526573CEF5A3F78
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........-...~...~...~2......~..A~...~2......~2......~2......~...~...~]......~]..~...~]......~Rich...~................PE..d...W..d.........."......2...8.................@...........................................A...................................................P.......`.......L....^...z......8....C..8............................C..8............@..X............................text....'.......(.................. ..h.rdata..t....@.......,..............@..H.data...x!...P.......8..............@....pdata..L............J..............@..HPAGE.................N.............. ..`INIT.... ............P.............. ..b.rsrc...`............X..............@..B.reloc..8............\..............@..B................................................................................................................................................................................

    C:\Windows\System32\drivers\is-VGUV7.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:data
    Category:dropped
    Size (bytes):10722
    Entropy (8bit):7.234082916200666
    Encrypted:false
    SSDEEP:
    MD5:CCAF68B582F377B5142FA17364EE8811
    SHA1:692DB1E1B652D464F5AD9E155DB3293962A6F828
    SHA-256:FDE3A4406637912C2C5486AF106866F402D2D57F94417C56ACA4FD9D10B95DBD
    SHA-512:6FCECC8C9FBFFF969670CC5F6416466F426435F36FD0565D612196E8E0E92F829D963F0D7356674AEDFD1D19B04E55531FDDD53C066FA653C18847F53E979B72
    Malicious:false
    Reputation:unknown
    Preview:0.)...*.H........).0.)....1.0...`.H.e......0..-..+.....7......0...0...+.....7........{m|E...Y..0..210212133328Z0...+.....7.....0..P0.... e...VE...d.....[.fJ.i&.K...I..01..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0:..+.....7...1,0*...F.i.l.e........w.s.d.d.n.t.f...s.y.s...0]..+.....7...1O0M0...+.....7...0...........010...`.H.e....... e...VE...d.....[.fJ.i&.K...I..00....s...\'.?...>....Ql1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0:..+.....7...1,0*...F.i.l.e........w.s.d.d.n.t.f...s.y.s...0....yfm..@_5......Z.L.$.1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0:..+.....7...1,0*...F.i.l.e........w.s.d.d.n.t.f...i.n.f...0.... ......l.m..;p..G.../0.4....}..1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0:..+.....7...1,0*...F.i.l.e........w.s.d.d.n.t.f...i.n.f...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... ......l.m..;p..G.../0.4....}....0...0....+.....

    C:\Windows\TEMP\is-5L66I.tmp\API-MS-Win-EventLog-Legacy-L1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:018B5551C157B2EA156D7E13CB83CF8A
    SHA1:B2ADD4441327553300CDC44A71EE89DE68186AFF
    SHA-256:76A52E2E047E30093D0878888B783130410DE748355CC5D939F6559DBD2F6115
    SHA-512:6431B9AFFC488812200F6B4A3DD14C8BE4F1829CC7967CBE99320A24E405213B56591BC35D4017BFD192A9F2CE1542E5B80B0F65597C9642D17190D885005D3C
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...t..............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....t...........>...T...T.......t...........d...............t...........$...........RSDS3;C.^...P.xt.......API-MS-Win-EventLog-Legacy-L1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...3;C.^...P.xt....._......eZ.t...........t.......................H...`...x...........+...^.......................I...|...................api-ms-win-eventlog-legacy-l1-1-0.dll.DeregisterEventSource.advapi32.DeregisterEventSource.GetEventL

    C:\Windows\TEMP\is-5L66I.tmp\API-MS-Win-Eventing-Controller-L1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:26626A6E929F24DEA50E2C6BD7E0DC70
    SHA1:D3D3929081CC94C31E3BC1D5DBACF87F524E91ED
    SHA-256:8C80EDD19A1C61A5306DAF2A20319A8E26575AB2326F261411BE2927821C11C6
    SHA-512:3C9D1BE1A927A606DE9B11CCB9EE6BF3C640B8D4A630A1D3EBB7DB3183B6C169B88D5719AF24539F019C2900178B00E75CAD38E8623073514621E221C4F4E6CD
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L................!......................... ...............................0.......`....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@..............B...T...T.................d.........................$...........RSDS..;......3.......API-MS-Win-Eventing-Controller-L1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .....;......3....*...[!..y............................H...t...............B...t...................=...g...............,...a...................2...Q.............................api-ms-win-eventing-controller-l1-1-0.dll.ControlT

    C:\Windows\TEMP\is-5L66I.tmp\API-MS-Win-Eventing-Legacy-L1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:5F7EA40248D4BB199EA03F9D5F1EBE83
    SHA1:0479B37657768CA674ABA40D418C198F0B1029B9
    SHA-256:2D9F462E47B950161406D478A2568BA7E490AD049C48A3818C2B4FF08F27E294
    SHA-512:3F317436C13C4751F98C27A197506CFACCB973E4ED8A95B3A1802DA02ADE8DDA5AE868FEF56EB39678C2E239AC5C23C243C598DE09922A361D428A161E1D2850
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....<._...........!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....<._........>...T...T........<._........d................<._........$...........RSDS......x...1..o....API-MS-Win-Eventing-Legacy-L1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .........x...1..ol:.W...IV~.K.<._.........<._....................H...............+...N...y...................,...M...n.......................@...e................... ...A...b...........................................api-ms-win-eventing-

    C:\Windows\TEMP\is-5L66I.tmp\API-MS-Win-Eventing-Provider-L1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:BF4C34BE59B71FB162E48CDA39A1026F
    SHA1:D8ACB19074F67C7FFD89A301FEABA707E6AB26C3
    SHA-256:5DA9AE70DE91102A540AFFB14E34169AA95EB376F41F4649E2E78E9C644976F1
    SHA-512:D1D09776719CEDD33A084983B6BC4A5B33358053B1472EC69C6B1E6B72DCABCDA26B0DC6E59BB5E18F5F5A815439C901B257AB00FBB9A3BE034AD3ECBEE8A8E1
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...x.X............!......................... ...............................0......,.....@......................... ...\............ ..................."..............T............................................................................text...|........................... ..`.rsrc........ ......................@..@....x.X.........@...T...T.......x.X.........d...............x.X.........$...........RSDS...v..A.a=D.........API-MS-Win-Eventing-Provider-L1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ...\....edata... ..`....rsrc$01....` .......rsrc$02.... ......v..A.a=D.....lR..t..D.U%qx.X.........x.X.....................H...p...............C...o...................3...`...............a..................."...M.......................api-ms-win-eventing-provider-l1-1-0.dll.EventActivityIdContr

    C:\Windows\TEMP\is-5L66I.tmp\API-MS-Win-Security-Lsalookup-L2-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:8FD9C6465594EF73628B6A86F7A98FBD
    SHA1:41A11898033C8D33F8B04BB86DDA3B6E8A479270
    SHA-256:2A9C1541D0A164491223D52FEC3D4B72AAFD0A147C199DC8BDEDF7998C5FCB52
    SHA-512:DCD7277B7A565F095826A558BD764144998DC52144D1476F13B480F27236D6F3427B7F222E0B0286D3B5443453E38D3545C03BE8C22300DBE33148DDF7C6736A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L......i...........!......................... ...............................0.......$....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.......i........A...T...T..........i........d..................i........$...........RSDS*+bD.K.6...W........api-ms-win-security-lsalookup-l2-1-0.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...*+bD.K.6...W........>`....W....i.......i....................H...`...x...........%..._.......................J...}...................api-ms-win-security-lsalookup-l2-1-0.dll.LookupAccountNameW.advapi32.LookupAccountNameW.LookupAccoun

    C:\Windows\TEMP\is-5L66I.tmp\API-MS-Win-core-string-obsolete-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:3410E14B51450B24F3251A9BBBBD57DB
    SHA1:92D4D123019B4D8CADC0B64B0A6292D6AB50A6C4
    SHA-256:0A8AEBF8C2230A942AC29D7543BB1AA7AF206583118E9EC301E97EA95C3EB283
    SHA-512:6EC5C614B8B80BCE00DDBF304268DC922046D8503B2C5025FF01D906418AA8058F099AFEAAB2FA9E308DAC9CF39D121DBE58E5A06A48D0E5BADAB0BAAB1C301A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....$............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@......$.........C...T...T.........$.........d.................$.........$...........RSDS...0s....1p.jG....api-ms-win-core-string-obsolete-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ......0s....1p.jGm....n.L.....$.......$.....................H...p...................2...O...k...............................(...E...b...}...................................api-ms-win-core-string-obsolete-l1-1-0.dll.lstrcatW.kernel32

    C:\Windows\TEMP\is-5L66I.tmp\API-MS-Win-core-xstate-l2-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:4739B8519EEB6FD76A109C12882E670C
    SHA1:0C60657DC4ADDC833822C1DF9CDBCFE8EA5F4814
    SHA-256:6105FE6F5446597307307148E1EF3ECC02D384306E01715E2D4BB2B2223B53B3
    SHA-512:C26965E8C4CCBC1B3FCE1AA0B478076523D65745F19F233445AE9DE92B21C335E4F65CEB3A15DBB3796E07102AABFD9FC249F8A08E1F651D3FA5C9EADAC70952
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....L...........!......................... ...............................0......'e....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@......L........:...T...T.........L........d.................L........$...........RSDS..y..v....E.Q..)....api-ms-win-core-xstate-l2-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .....y..v....E.Q..).h#.........L..............L....................H...`...x...............I...x...................7...d...................api-ms-win-core-xstate-l2-1-0.dll.CopyContext.kernel32.CopyContext.GetEnabledXStateFeatures.kernel32

    C:\Windows\TEMP\is-5L66I.tmp\API-MS-Win-devices-config-L1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:90F649EE98720D9E1285D9452815B86E
    SHA1:6D9BCC9BA9B2D0C8082E663315F11E2C4F2C519B
    SHA-256:C17F6E0D8469EB45C217FA710E3CDA8015B747FE9D8C22236B5FE19069668469
    SHA-512:158847D4BB01E9F82545253A5DA2B0E68470C7F04D98E53C1A1A3F1DCC1E1AFDE48A8AEAE0523152C50EAE3620A011F8E5A69710483A46A4E8D1E1F2CAB000E4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...BK.............!......................... ...............................0............@......................... ...{............ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....BK..........=...T...T.......BK..........d...............BK..........$...........RSDS..[K..'..UT.tY....API-MS-Win-devices-config-L1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ...{....edata... ..`....rsrc$01....` .......rsrc$02.... .....[K..'..UT.tY.%......O.sNBK..........BK..............&...&...H.......x.......0...o...................i...............Q...............=...y...........;...............?...j...............H...............B...............>...w...........

    C:\Windows\TEMP\is-5L66I.tmp\API-MS-Win-devices-config-L1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:EEE68EE0F2741C315EC6CD2E4349777B
    SHA1:01C48BDE90352F943E1CD0D09FD67648E24539EA
    SHA-256:9A1CF332B3868EEDADBE00F2C99698DC84D21C759A47C0FFA0E3C3C3940EB931
    SHA-512:1943560F0E0C418518898FAFB4BBBAB6AD7ECA04FE4EFDA6562ECF203D5A9EF7905EA98C454028C1FA640C59FD758F94EF507D08AF1FA02442B9B0FF31D87962
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....]*............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....]*.........=...T...T........]*.........d................]*.........$...........RSDS*.(4..#.WX.p.5.....API-MS-Win-devices-config-L1-1-1.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...*.(4..#.WX.p.5.....}f)..'W.]*..........]*.............'...'...H...............:...y...............8...s...............[...............G...............E...........#...I...t...............=...............9...{...........H...w...........

    C:\Windows\TEMP\is-5L66I.tmp\API-MS-Win-security-lsapolicy-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:952B246782E981B220908FF06B14C585
    SHA1:27A7783DB7C31D89422BD619852908F4DC33C184
    SHA-256:22476C5FCC5F45AB99749CB64999CDB6D9D48740CA5424C027C31C4444AD1795
    SHA-512:48A2F78DB4AC0E56EAD47143325D0ADA2FFC4DAEEA9C49E4CFFCD0AE41F9118C5B8A148B4060FCD02BD3C257DE02D3B580AB6E30AE6D731E229E92F31274146D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....$...........!......................... ...............................0............@......................... ...;............ ..................."..............T............................................................................text...[........................... ..`.rsrc........ ......................@..@......$........A...T...T.........$........d.................$........$...........RSDS.p..;....t.+.s......API-MS-Win-Security-LsaPolicy-L1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ...;....edata... ..`....rsrc$01....` .......rsrc$02.... ....p..;....t.+.s..W.t.m....}....$......$....$...............H...........a...............!...Z...................M...u...................H...w...............>...M...~...............L...q...............=.......f...............9...`...

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-datetime-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:7D0690A235298519FDC912928F0333EF
    SHA1:D2AFFE98FCB0A0C473CA5756C3687A246B642BB3
    SHA-256:7A6F4E0442B3B4F6F936C00E7FD813D0FDA011F10496481D94805003CF4F330B
    SHA-512:98E1A4F2D0799CD2A36C5260CA3543544A6AC5973AA66D8C31FEE7842118281024EE27F2A9A31CE1A7429D7AEA99FF2D4628303CCA65FEF85CCB887868AB4EED
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.................!......................... ...............................0...........@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@...............<...T...T..................d..........................$...........RSDSt#.2..Z...ht_.,.....api-ms-win-core-datetime-l1-1-1.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...t#.2..Z...ht_.,. .#.....\.g.......................\...............H...P...X.......................api-ms-win-core-datetime-l1-1-1.dll.GetDateFormatEx.kernel32.GetDateFormatEx.GetTimeFormatEx.kernel32.GetTimeFormatEx.......................

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-debug-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:58C7BD9F4ADA6C7DBDCCE7454B30DA8C
    SHA1:AF4EAEC5E193299D7C30A43EF9E048D0F8BC8E53
    SHA-256:AA7D3968F62147E94ED850FD7576CD55DACF7B089A56CF84CCB6D714479E314B
    SHA-512:E1512F2C72CC9AA18788ED440D3C45366E032EADEC5E18D98FC17F124E5B649025AB7DD4D946CC9921DBB0963B8A52ADD240FB74DAD47B8ECBBB2F24461C18FE
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....P.............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text...;........................... ..`.rsrc........ ......................@..@.....P..........9...T...T........P..........d................P..........$...........RSDS....[.. ..#.\..j....api-ms-win-core-debug-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .......[.. ..#.\..j...].8...&..P...............P......p...............H...X...h...........................................api-ms-win-core-debug-l1-1-0.dll.DebugBreak.kernel32.DebugBreak.IsDebuggerPresent.kernel32.IsDebuggerPresent.OutputDebug

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-delayload-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:6201C1EC72004FCCAAFC58CE96CA3E4A
    SHA1:4E1D8E7A3C0E373A732914B6C1187AB01701F928
    SHA-256:9D3EFDBB986B73C155A72D6FC1179E071CBEB7918D0407077E02058A2FE80AB1
    SHA-512:DE7ACDDA4A2458AE57C3C31263383185757600CAC6862207C4B096EE7EFE6FE699F15485D7B3B8B46AFFCDE3B24D39B87FDB47BD6697DCF0CEB514A44205F83C
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..."7.y...........!......................... ...............................0.......p....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@...."7.y........=...T...T......."7.y........d..............."7.y........$...........RSDS..|."5.P.#..........api-ms-win-core-delayload-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .....|."5.P.#.........7M..T..."7.y........"7.y....R...............H...L...P.......w.....api-ms-win-core-delayload-l1-1-0.dll.DelayLoadFailureHook.kernel32.DelayLoadFailureHook...............................................................

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-errorhandling-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:629290683332F2F8958BA55D7F334A65
    SHA1:A3F43A3AEC42BF64B8309356CFD3666C906E44E5
    SHA-256:7E0B13030655FB3F15A8739DD72DF8EDF4142C35C263FFC5B93C73D6E2C6555A
    SHA-512:6F6A189F90915598FC79409E668DA9EF522674CB7BBBFD79E2A16FE2E43CFF59A144D940E3FCCB619CFEAE5ED5E88A1A63AFBFEB55BA8D14B71FA616897588E6
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...X..;...........!......................... ...............................0.......|....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....X..;........A...T...T.......X..;........d...............X..;........$...........RSDS.].~.{.s..z?49.I....api-ms-win-core-errorhandling-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ....].~.{.s..z?49.I....G..;.X..;....X..;....................H...d...................1...T.......................$...G...j.....................api-ms-win-core-errorhandling-l1-1-0.dll.GetErrorMode.kernel32.GetErrorMode.GetLastError.k

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-errorhandling-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:4B5F725F3BB521A691B3D30794709E38
    SHA1:DE641C633B5003B07BF93A62036AD36E2A83D67F
    SHA-256:ED738EB6A30D85FF8301F80C7BCFE0BE7530384CBF81C0DD6E4D510418B3224C
    SHA-512:5281FD09C53341AB4D3C190AF01D814B449ED86D064FE99D87C50FA401F443DC04ADD153314F8EC06CBE4081696691FE5FDAF85B022FB3C584845B40CF76EB8F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...Ff.............!......................... ...............................0.......z....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....Ff..........A...T...T.......Ff..........d...............Ff..........$...........RSDS./.d.|T.,...`......api-ms-win-core-errorhandling-l1-1-1.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ..../.d.|T.,...`....4....+.n.Ff......Ff......z...............H...\...p...........A...................#...h.................api-ms-win-core-errorhandling-l1-1-1.dll.AddVectoredContinueHandler.kernel32.AddVectoredContinueHandler.AddVec

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-fibers-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:139D7CB5A5E3354E5235A9CF59EF62E6
    SHA1:F58665967E919889CABAF4BC499E4310F5B13321
    SHA-256:3F063447BDDD9B097C83BD67996E0721FB691D39B438AEA30C8D2626D229D700
    SHA-512:BEA985EB97F4EDEC6E423C6879500B60EB2F29561C32EA5DA6CB365B11751B95BE763BEC80C8AC1D94B4258F688D66A4C38B9E6951AFB804663FE7BBF724D89F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...S.a............!......................... ...............................0............@......................... ...{............ ..................("..............T............................................................................text............................... ..`.rsrc........ ......................@..@....S.a.........:...T...T.......S.a.........d...............S.a.........$...........RSDS...l)..#.n.3.a.....api-ms-win-core-fibers-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg... ...{....edata... ..`....rsrc$01....` .......rsrc$02.... ......l)..#.n.3.a..J...g@....S.a.............S.a.....R...............H...L...P.......t.....api-ms-win-core-fibers-l1-1-1.dll.IsThreadAFiber.kernel32.IsThreadAFiber..............................................................................

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-handle-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:4B78F140BE9D58050693B0F1CF57E101
    SHA1:900E591D6C2022BB7BF2B5BEC63469317351EB2C
    SHA-256:5C61D38F3983F39382E74006C9391B082B010CE343A561C90E571581E649C495
    SHA-512:9B4C956A847E75527601C496B86DBA9DC61A75FE273E0574169FD91F58CF1BFA43AF4DD9ACBB4F198135A7D79C32FE8E1A15C7C3721C8E9B14ACC3ACF1E71105
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....\-...........!......................... ...............................0............@......................... ..._............ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@......\-........:...T...T.........\-........d.................\-........$...........RSDS.cc....|3a.M..b....api-ms-win-core-handle-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ..._....edata... ..`....rsrc$01....` .......rsrc$02.... ....cc....|3a.M..b....r..B.a...\-..............\-....z...............H...\...p...................a...................L.............api-ms-win-core-handle-l1-1-0.dll.CloseHandle.kernel32.CloseHandle.CompareObjectHandles.kernel32.CompareObject

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-heap-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:E15CFA268B59E863E032226C75BA1B38
    SHA1:BEF9C284A398448648F87887220F7C154FAAB3DC
    SHA-256:4959A91B62F5A1B387C53D9A3F18071A06524E3C04A3E3712F65DDF6A61FA093
    SHA-512:55373E99F210B811CFE3A04843003F6F0CD56AD9959341722A25AACF3A019C6E114AC356F27D647C0688B37DA9F3E168F3D833C37FB5B11FE519B0EE312A0B54
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....u.............!......................... ...............................0......!a....@......................... ................ ..................."..............T............................................................................text...(........................... ..`.rsrc........ ......................@..@.....u..........8...T...T........u..........d................u..........$...........RSDSVd..`...*0..........api-ms-win-core-heap-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...Vd..`...*0......N,.....I.W9.u...................u......................H...............?...b.......................!...K...s.........................../...X...u.......................?...`.......................................................

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-io-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:8CD04413DC24100189C6472F938A0C4E
    SHA1:B1F0FEA715007740D86D4EFD4B43C45BA0F4EA8A
    SHA-256:498A4C1EC51608A1428E93C508F6FF150508882A229ECB6846C708D728E20DEE
    SHA-512:EB28F86CB5A5B0706A6091C06CEC2BE795206CBDE45BF621BF8C3386DF972F4C7B86B6FD438A8D0D58DC63B1383982C0C46324F024F4D1DDC86ADC24B580F528
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...a..,...........!......................... ...............................0...........@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....a..,........6...T...T.......a..,........d...............a..,........$...........RSDSUrT.....e5.....X....api-ms-win-core-io-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...UrT.....e5.....X.,=W^g....a..,................a..,....................H...d...................?...v.......................+...\.........................api-ms-win-core-io-l1-1-0.dll.CancelIoEx.kernel32.CancelIoEx.CreateIoCompletionPort.kernel

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-io-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:C58C0BB59A27669D89281726781C7FEB
    SHA1:3485FBA57A7A916C1802D53A1F0CB04D430FA35E
    SHA-256:2882D9DD27162C230C46218672C2B1E2CBB2D969661BC6D89FDB8BB02BA5D206
    SHA-512:DCA33729079BA89266BDD01A79A798A85D8CD08229A538F9A98E842DFF06030CC92D92F79C603CF5244DC73244BFC9760C63FAB2DC007C5A97E55D8E3228C895
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...(o.............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....(o..........6...T...T.......(o..........d...............(o..........$...........RSDS0zD./.W..".....(....api-ms-win-core-io-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...0zD./.W..".....(.hD<~.s..}(o..................(o......f...............H...T...`.................................api-ms-win-core-io-l1-1-1.dll.CancelIo.kernel32.CancelIo.CancelSynchronousIo.kernel32.CancelSynchronousIo.GetOverlappedResultEx.ke

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-kernel32-legacy-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:9630F69F5D9D625D523F225E6FCDFA02
    SHA1:5FA0848CFF75FF4E1A09633523AB387A645C4ABE
    SHA-256:DADE2907EF76EDCF3642993541BCFEBC2C952FEF12EE6AA192B98600F337E826
    SHA-512:217960DE6E4E2B2BA3329E237C9736EEBDF0A4AD6324C1BC3C5061EBAB3944E47ACEAB2DA4D76681CCF2BF69FDC7EC376AB3AEE478D829F137813BB84F8A4C58
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....D............!......................... ...............................0......h.....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@......D.........C...T...T.........D.........d.................D.........$...........RSDS/.V...d*n...\gR....api-ms-win-core-kernel32-legacy-l1-1-1.pdb..........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .../.V...d*n...\gRn....l.!...b..D.......D.....................H...........$...b...............K...............#...O...y...................H...................q...............?...h.............................................api-ms-win

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-memory-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:BC0D10744E41ACC405A39B6E3638708B
    SHA1:711C2896D90A246D4F6F006ED4B1E4BFC0B18429
    SHA-256:D573B80776FCF78AAFB13F789AB2AADA14513E35F106BA95E6098509EB5F0659
    SHA-512:2CF685827A9916C6C9A1C29CB8A3642047E7DD0161A652C08F508F6CA0EDEBB2E2B4B2921AC11EB09F20DD2DC1DA64E6F3BAD91AA9EFBADFBD8E9835DC265909
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...f..............!......................... ...............................0.......z....@......................... ...l............ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....f...........:...T...T.......f...........d...............f...........$...........RSDS.`9+ls.&.6}<,!......api-ms-win-core-memory-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ...l....edata... ..`....rsrc$01....` .......rsrc$02.... ....`9+ls.&.6}<,!...z.=@..{ .3f...............f.......................H...............I...p...................>...c................... ...E...p.......9...b...................1...T...{...................6...]...................................

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-memory-l1-1-1.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:12961A8D12E77FC9B66345B80456F7FE
    SHA1:EC320D7A73DCF97B4B4FCB6E764A238A318E38C4
    SHA-256:4879D504F9BFB07BEA63F737A7D075D02BD3EC8FDBEC4ACBCF13C22E2BECE3B8
    SHA-512:57543F08371F07021ED31CBB5A612C42F6544FAFE81B076DFBC009E722A099F34A2E33EFBDD6512C06C45331C82F7984FCE14952C35DFC2C7A485BB553E1B2E8
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....qW`...........!......................... ...............................0............@......................... ...6............ ..................."..............T............................................................................text...V........................... ..`.rsrc........ ......................@..@.....qW`........:...T...T........qW`........d................qW`........$...........RSDS.gN........;.......api-ms-win-core-memory-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg... ...6....edata... ..`....rsrc$01....` .......rsrc$02.... ....gN........;......p.i*.'.l..qW`.............qW`....................H...........#...\...............N...|...............T...................?.......E...|...........7...n...............D...m...............1...................................

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-privateprofile-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:F21B159383B2307EEE4D173EE6E0BE6C
    SHA1:7885D39787B142CCDD391C1A1C93E81DB8D0ADB2
    SHA-256:DD94CFA70004C8C6F05BD9E72EEBD347391B0A6E9C136C42A4CCC506B3665B09
    SHA-512:975C5685C3AF200C020FCECEFDD02262DCCD7F08C086DAEBE16370656013D6AABCA3E660E459BBF6D7B4FAFA08D8C8D7457FC2B4A08629C54DAD06D39309B2AF
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....l.............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....l..........B...T...T........l..........d................l..........$...........RSDSN.aH.b..G...Pnj.....API-MS-Win-Core-PrivateProfile-L1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...N.aH.b..G...Pnj.~..U\...R%..l.......l......................H...............I...............*...Q...|...............=...}...........3...h...............B...i...............!...b...................................api-ms-win-core-priv

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-processenvironment-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:FEEF06E726661A84A6F1566A25134694
    SHA1:512989D934FD51A2496115F93AE679A813126B0A
    SHA-256:0915617A618EABFF79C105F08C163711DB082DFDEF789868E713E569952ED9A9
    SHA-512:6383377326F0B8952484E5920FFF93049D631C9E67D7BDBD0FB0B14ADB147421B6717F481FB7F92E6122773AD70DCDAB3259B1ED86F230DA0C129584CDD74BDB
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!......................... ...............................0.......Y....@.........................0...G............ ..................."..............T............................................................................text...w........................... ..`.rsrc........ ......................@..@................F...T...T...................d...........................$...........RSDS.G..a..v...3.z......api-ms-win-core-processenvironment-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg...0...G....edata... ..`....rsrc$01....` .......rsrc$02.... ....G..a..v...3.z..=..f[...f.i.............................*...............X...........r...........#...T...}...............H...................3...f...............:..._...X...............D...m...............1...h...................

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-processenvironment-l1-2-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:8A31142AC810277946FAB639806A59CA
    SHA1:01CDB404E093C6462EAD8B2DEF7D785CD98D4833
    SHA-256:34155D2CB648345CEAAB537EC57F0C9A713F193DC7029C9952B2FE5DB748C6FC
    SHA-512:DC54D8063AB00BC5D378FFFCD674DBFB71E8536F0070B85FCE4BA1356511C32934EDF2604E1810FCF1FE7E00D372C0D8397C92537D45DFFA55362E5F1C858225
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....+.............!......................... ...............................0......}.....@.........................0...'............ ..................."..............T............................................................................text...W........................... ..`.rsrc........ ......................@..@.....+..........F...T...T........+..........d................+..........$...........RSDSrh./.v..K.}...'....api-ms-win-core-processenvironment-l1-2-0.pdb...........T....rdata..T........rdata$zzzdbg...0...'....edata... ..`....rsrc$01....` .......rsrc$02.... ...rh./.v..K.}...'.5..7...S9.V.+...................+......v...............X...d...p...........B...........6.........api-ms-win-core-processenvironment-l1-2-0.dll.NeedCurrentDirectoryForExePathA.kernel32.NeedCurrentDirectoryForExeP

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-processthreads-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:FE55B59ED3FE47533979CFC10CB65430
    SHA1:FA7737CEE59EF9775B114BB7489F480DCCA14152
    SHA-256:02E46EE78F33D075B7BA41138F4179868991078C9998E618C5224E44BFBB8806
    SHA-512:5B59822F09255C1AE5AF94DB74296A826B02B8EDFA3E18CB851E3DACEF6E823B8E07827D6D7E74EEACD71B12A4C9BFC3CF3439D9F8875383A8A8B1EDFF0697EC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!......................... ...............................0......c.....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@................B...T...T...................d...........................$...........RSDSH.r.^al.X.nAj.......api-ms-win-core-processthreads-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...H.r.^al.X.nAj......z.cbF9.o................2.......1...1...H...........k...............!...L...................4...c...................G...n...................B...i...............>...b...............%...L...............0...h.......

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-processtopology-obsolete-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D6CF0F5B4251F0E81A9E9D5AE6909B72
    SHA1:6A539E0B16BF551271ED1961F0D25FC8222E61F7
    SHA-256:18FC4FD73A983E0260E93DC00B3A52E4F1E86163F07A2EE93DE4BD8CB8C5CE6E
    SHA-512:8736127DA17470F9814A417D3012FF95280DE74E6FC01C8313076F5BFD0752AF718E02E023D541EB1C32780C08FC9CE562E58058E3D4C6FF62A380AD0F5BA3EE
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!......................... ...............................0......-.....@.........................0................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@................L...T...T...................d...........................$...........RSDS....z....8.;..W....API-MS-Win-Core-ProcessTopology-Obsolete-L1-1-0.pdb.........T....rdata..T........rdata$zzzdbg...0........edata... ..`....rsrc$01....` .......rsrc$02.... .......z....8.;..Wd.|.qp.g...S........................................X...l...............C...x...................a.................api-ms-win-core-processtopology-obsolete-l1-1-0.dll.GetActiveProcessorCount.kernel32.GetActive

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-profile-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:7D62AFC454E0C7C44F8035A731F815C9
    SHA1:B705BF7889807E3A77023B7F2CE235EE26FE8244
    SHA-256:D8EE48656C2D50D22BCCADD91C82699A944CA2C9AF4B81ADB9CC7C72521F34EB
    SHA-512:5AFBA04789E49100213ABBF8E47B7C0AF6D6550BF35C0E82236E9A5D0E2ABEC0F887922743D4BA88D597890DCADFC53632F37CFC7C04B5DDA78DE339CAF4CFDC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....=.N...........!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....=.N........;...T...T........=.N........d................=.N........$...........RSDS$.\`1D.>.....*2....api-ms-win-core-profile-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...$.\`1D.>.....*2..(.m.+....@.=.N.............=.N....\...............H...P...X.......................api-ms-win-core-profile-l1-1-0.dll.QueryPerformanceCounter.kernel32.QueryPerformanceCounter.QueryPerformanceFrequency.kernel32.QueryPerforma

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-realtime-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:47F61567C3CD5CF4FC91B6C966402ACB
    SHA1:2365D52BA87AEDBB9075E4B5E82F146F2551AAE8
    SHA-256:B5D50AA80BF3731123D95C177D4D00EB8B2D21FED575C6969271C96A4520DF00
    SHA-512:959DAA2FD02EF7D7254866A721E102395E43AA2BA69E88D38B9D0BAEB439A0FB1FB50DAA6684C51C68DD58648749300D98F79953B02B432F11ABF9054D59E6AB
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....@a............!......................... ...............................0......L.....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....@a.........<...T...T........@a.........d................@a.........$...........RSDS..PP.H...)}..D[....api-ms-win-core-realtime-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .....PP.H...)}..D[.E.....:...@a..............@a.....z...............H...\...p...........:...n...............$...Y.................api-ms-win-core-realtime-l1-1-0.dll.QueryIdleProcessorCycleTime.kernel32.QueryIdleProcessorCycleTime.QueryIdle

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-registry-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:B022E52FAE3EA7DA7B43C8E80CA646A9
    SHA1:CC1FAB36EE81C119AAE9856EBEA2E1735A309B30
    SHA-256:655CE7FCA0959A0EEB39B41DC7BDF3E094558875FB433067B6ABCE1BE34C7C08
    SHA-512:B66390F5F0C9F7950DC1D160F6BB56657117D4C9637A6E40A61C31065FA2D080D3135EAE9EDC584FE34DBBD9663DC291C5D47E841351D3A7A15DD01F73C09A81
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....r.............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....r..........<...T...T........r..........d................r..........$...........RSDSsC.W..>PV.{&. .....api-ms-win-core-registry-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...sC.W..>PV.{&. ..............r...............r..............+...+...H...........&...H...n...................8...`...................;...`.......................A...e...................A...k...................E...p...................4...^...

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-registry-l2-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:7637F7E78C00215698C9FAB777F8370A
    SHA1:A21D8C73D809F05DCB909B707319E9CEBFD9874B
    SHA-256:6203596B8374F099639809FAEF7CE094D8C809976BADA2063A1A18069B84AEB3
    SHA-512:6943BA8D4C15E2A3C34612BE836FA6D4AAE073E7C7721818EDBC9B1AF0855342C241B83F34CEB285C239382DFF4278B5B4749CD519B3E436B0FC0D880B3B5740
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....sI$...........!......................... ...............................0.......o....@......................... ...7............ ..................."..............T............................................................................text...W........................... ..`.rsrc........ ......................@..@.....sI$........<...T...T........sI$........d................sI$........$...........RSDS.....h..xg..........api-ms-win-core-registry-l2-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ...7....edata... ..`....rsrc$01....` .......rsrc$02.... ........h..xg.......!......./..sI$.............sI$............!...!...H.......P...........%...I...x...............4...m...............+...Z...{...............'...Q...................>...e.......................A...............;...`...........

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-rtlsupport-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:F8BCE2FBDEE3321C3317F065A17A3A6D
    SHA1:77382D10C708325C9B13E6512A2536AD4A636260
    SHA-256:36445B1D179776E0B8880E370518BEA8F6999370A4E26D7B4C55E4D5D7C007B0
    SHA-512:CBD4CF2BCE63550478EB7F8F8E255FF5E543A12785033B4E9B47ABEBA5FFA106FAB82F6FC3871839B98765C92FBE347F14D4DA3EC4005E017C8ECDCD3B4D7B94
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....~............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@......~.........>...T...T.........~.........d.................~.........$...........RSDS....)...A.N..R.....api-ms-win-core-rtlsupport-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .......)...A.N..R........;_..}..~...........~.....f...............H...T...`.................................api-ms-win-core-rtlsupport-l1-1-0.dll.RtlCaptureContext.ntdll.RtlCaptureContext.RtlCaptureStackBackTrace.ntdll.RtlCaptureStackBack

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-shlwapi-legacy-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:67813B708FB1940C51991583EDE1B573
    SHA1:219C55951926376020464F26BF4A0039920B3C50
    SHA-256:A6B55565BC493BCA30F6CB1A221E8909F29A3889970477512063F2BBB6F1507D
    SHA-512:50B4589C6BBA0D90A59AD0DF110B91BC0989DD30CE9B24F290716E261CB244C18D004798A1B98854E4A2362CB437761B4FB95CC5DA462BB3111063B3FF25D79A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....(............!.........................0...............................@...... .....@......................... ................0..................."..............T............................................................................text............................... ..`.rsrc........0......................@..@......(.........B...T...T.........(.........d.................(.........$...........RSDS.>b.U..}....%D......api-ms-win-core-shlwapi-legacy-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata...0..`....rsrc$01....`0.......rsrc$02.... ....>b.U..}....%D..o.|u uTd......(.......(.............X...X...H...................3...U...w...................<...h...................'...I...p...................G...t...............3...U...{...................V..................."...

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-shutdown-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:280B1E903AECFD521A0D37C33EFBB4DE
    SHA1:B56450ACF43B88393F234995637C93A2009C50ED
    SHA-256:7980B7B70031D31889C8CF6C8F7B19CF62A2A18C7DF542B8BD142CD3132115D0
    SHA-512:B3A9699B181ABE0A071B6088ED3E6F8C84F2BC1F663BEBB5C0F1DC5EEB8A9488F91F98EA86A66D45257B44FD27C19020B9A797A1D7E53462B369C2652E7251E6
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....A'............!......................... ...............................0.......e....@......................... ................ ..................("..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....A'.........<...T...T........A'.........d................A'.........$...........RSDS.~..?...4...d&.....api-ms-win-core-shutdown-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ....~..?...4...d&...MB...A[...A'..............A'.....\...............H...P...X.......................api-ms-win-core-shutdown-l1-1-0.dll.AbortSystemShutdownW.advapi32.AbortSystemShutdownW.InitiateSystemShutdownExW.advapi32.InitiateSystemShut

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-string-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:E4EF5691D0E6EA554E8B5179252A49DE
    SHA1:2BB200F0518C679358C578B0253AA4C09806AA46
    SHA-256:C4C6392AA3F64C90DD85D08B13CFC99836AA181054BB54BA3C99C2F421B68850
    SHA-512:BC7AF83EB4FFC88CF354DEAF089E3E2938A6FB55DC9CB7982FC483CFC3A1924ACDBC627417D23D43B5E4D7FBFCD28412FA52AF3D7C764B71439047A872FA6D31
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!......................... ...............................0......w7....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@................:...T...T...................d...........................$...........RSDSPo....,3E..r.h .....api-ms-win-core-string-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...Po....,3E..r.h .XK...z.g...........................................H...h...............%...I...o...........................=...^...............................api-ms-win-core-string-l1-1-0.dll.CompareStringEx.kernel32.CompareStringEx.Compa

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-stringansi-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:93A284EA42CFD11FD506A9DA7AEEF476
    SHA1:0E4DAE25F1057A35A590123E18A650CB2378AE68
    SHA-256:EDCFB3DDF7D825FD1DB391E21183A8EC47379DCEA781118B27FD0FC0C2F62C3F
    SHA-512:444BC6C70853D520ED1463F4EF173BAD836A9F4117C3870B76BC21C22D5AE3A7001561E243D2C4CE8950D749D9DF87911131176B7187042E35CB52305C3D25A0
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...X.5............!......................... ...............................0.......l....@......................... ...P............ ..................."..............T............................................................................text...p........................... ..`.rsrc........ ......................@..@....X.5.........>...T...T.......X.5.........d...............X.5.........$...........RSDS... Z....<..}......API-MS-Win-Core-StringAnsi-L1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ...P....edata... ..`....rsrc$01....` .......rsrc$02.... ...... Z....<..}....u.0l...0ZX.5.........X.5.....................H...x...............2...O...l.......................;...\...........(...C...b...}.......................O...........................api-ms-win-core-stringansi-l1-1-0.dll.Ch

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-synch-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D87B51451A6EFBBF135691059292BB40
    SHA1:D2E3F6D30B6AC62C9F356C00598BE6B83CA8D13E
    SHA-256:95366108F386E6FE52ED893824AACD8140C5BB58536B13218B1E47B1AC374D5B
    SHA-512:28BA1845B3EA3808F70FBED6B72F92EB2FF00F2384AF666CD26BD0C30C6E122A9DC6EE82EE543AABF15FEBE0BF5A7F668D6F4CA8000A3110EDB5766B7F549163
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!......................... ...............................0......T.....@......................... ...V............ ..................."..............T............................................................................text...v........................... ..`.rsrc........ ......................@..@................9...T...T...................d...........................$...........RSDS,:..n......Ng.V....api-ms-win-core-synch-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ...V....edata... ..`....rsrc$01....` .......rsrc$02.... ...,:..n......Ng.V...._......................................)...)...H...............Q.......................A...f...................D...x...........D...{...................5...`...................A...q...................?...{...........$...

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-sysinfo-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:95A3B7FDC1D61E67F10DD2A5D3772A6D
    SHA1:695FC3DD5C93CBA13B2912EA9D6C473392CBDF21
    SHA-256:226EBB213BC9DA85865D61D4E3F4C414D1EBA979564922BE33235310F7998B0C
    SHA-512:4519AE3C93434BC37C875AE18ECD1AF7991BB513F1ED149F0A3338A9ED61C892D30FEA15989984F34EDC968B9130D326383A967FD98B5AB00E09D06EBEDBFBF2
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....L.............!......................... ...............................0............@......................... ...E............ ..................."..............T............................................................................text...e........................... ..`.rsrc........ ......................@..@.....L..........;...T...T........L..........d................L..........$...........RSDS.,.V..........B....api-ms-win-core-sysinfo-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg... ...E....edata... ..`....rsrc$01....` .......rsrc$02.... ....,.V..........B..~.......k..L...............L......$...............H...........Z...............0...n...................W...............*...K...m...............$...O...G...v...............Z...................?...x...............@..._.......

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-sysinfo-l1-2-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D1E65091E68DFD29E9A9E230AFEA0C9F
    SHA1:E3C264DED66544227C44FC727F9A2EA4001690E3
    SHA-256:CBF8DBFC4F96CB7CE8C1397F57BDE2C4755D532984405D317D9F86564BD89B5C
    SHA-512:B4C9541E81D8B84A79CF604094B427FB6B8317A790871FBD08AA41837C61453400F41D759459010EE4B2B09CCBDD0F9F8D5B2320C1C7292691C25C4B80A17680
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....R.............!......................... ...............................0......9.....@......................... ...h............ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....R..........;...T...T........R..........d................R..........$...........RSDS....a.b...........api-ms-win-core-sysinfo-l1-2-0.pdb..........T....rdata..T........rdata$zzzdbg... ...h....edata... ..`....rsrc$01....` .......rsrc$02.... .......a.b.........&b...)Y?\U.R...............R......................H...l...............C...m...............@...k...........1...^...............2...W.....................api-ms-win-core-sysinfo-l1-2-0.dll.EnumSystemFirmwareTables.kernel32.E

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-threadpool-l1-2-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:624915257DC0AE06FC9AD0FC03F189AB
    SHA1:29E66D8A59BAF09E92D866A7E877ED8211E58699
    SHA-256:C4B5A08B6FA9BEEE7D9E924AE98A8CF49ED33B09455C5AEAB03FF817C3867E15
    SHA-512:A12423539C990797D2245DA4C88C5F2C6717E53F63686D1E4EAC590A371DCEE6532EA976B7F413EB814D27ECA3E468C5623B50471CE7A3B1AA04889763666A9F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....].#...........!......................... ...............................0.......=....@......................... ...[............ ..................."..............T............................................................................text...{........................... ..`.rsrc........ ......................@..@.....].#........>...T...T........].#........d................].#........$...........RSDSq.nVi...[Z.X........api-ms-win-core-threadpool-l1-2-0.pdb...........T....rdata..T........rdata$zzzdbg... ...[....edata... ..`....rsrc$01....` .......rsrc$02.... ...q.nVi...[Z.X....T:.R........].#.........].#............%...%...H.......p......."...N...............9...k...............:...l...............e...........9...............[...............D...t...............<...~...........S...........>...

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-timezone-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:08422E540F71AFBF8895440DBCE80AA4
    SHA1:22F690F251032776E47565D46F3285C4011695BD
    SHA-256:F650B7D8B20D0DC12ECDD0F683C3A1252D4FA0D9941378541738F38614AF3C67
    SHA-512:B5D24B50A332AE3CA5DB1C14398B08195F1619994B8EC5543F6ED23410EFFB546993D76254813E4B769D1CF147F8611884DBD1EF6177471BF5C258B3F5E84C35
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....A............!......................... ...............................0............@......................... ...E............ ..................."..............T............................................................................text...e........................... ..`.rsrc........ ......................@..@......A.........<...T...T.........A.........d.................A.........$...........RSDS,..[..e.;:.d.N....api-ms-win-core-timezone-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ...E....edata... ..`....rsrc$01....` .......rsrc$02.... ...,..[..e.;:.d.NG0...g.@)....A...............A.....................H...|...........J...........%...c...............Y...........:.......5...h...........E...............9.........................................api-ms-win-core-timezone-l1-1-

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-url-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:516064696806C69D13D6E55016A28DB7
    SHA1:04A86A062111725C6887E09D0FD51CB7DCAF35F3
    SHA-256:B37E4BAA6D049C9729412D7C1A9BEB423FC9151AD1076603D57C865617F58C67
    SHA-512:7CB850DAC7A98248118E9CC00A8DBF0BEDB3ED49EF50657D8835B7CDCD72E5BCA37AF7674027B471E2C7F92C4192FC748A258D1DA601BE7CF2A7A0C97CE06D02
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...;..............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text...5........................... ..`.rsrc........ ......................@..@....;...........7...T...T.......;...........d...............;...........$...........RSDS..B..b.QT[.{......api-ms-win-core-url-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .....B..b.QT[.{....C...-.0.;...................;...............&...&...H.......x.......'...L...r...................>...d................... ...E...e................... ...>...[...}................... ...8...W....................... ...........

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-util-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D0AF7FDB22EF65ECFD861726C10CE489
    SHA1:135FA77423F0893629CFF3CC5197AE9A09579253
    SHA-256:87F17BDC61E71F15B3FE684E239EFB8B39F9EC245010C457517436AEF9C6B364
    SHA-512:79F1DE08AD66ABC93227EB20E93CC7FF6B6A94D4752B1765B43B0A6D551861290E3334480AC46AC84C615D05EB25AEBB4795C2DDCF0830B182DAC800735C5AEA
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....9.H...........!......................... ...............................0...........@......................... ...9............ ..................."..............T............................................................................text...Y........................... ..`.rsrc........ ......................@..@.....9.H........8...T...T........9.H........d................9.H........$...........RSDS....",3..}F........api-ms-win-core-util-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ...9....edata... ..`....rsrc$01....` .......rsrc$02.... .......",3..}F.....$.*}g......9.H.................9.H....z...............H...\...p...................<...................(.............api-ms-win-core-util-l1-1-0.dll.Beep.kernel32.Beep.DecodePointer.kernel32.DecodePointer.DecodeSystemPointer.ke

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-version-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:74A4B714C851DE93C773B1772A40807D
    SHA1:48506056F569A40EE28155C507E3578AF5EA4579
    SHA-256:8B9D7B249FD8B32D14465B6D038060DA3545114BCF0041ADA1F7205B81D6887D
    SHA-512:683FF7108630C74CD8A8F4AD1701C952545450405AB10FB8D744681E3BD3F9E5F3EB48BDDDC9217E37A7A28F65979B0CEA1D21B88BC7C6D41B5D54F8D90909CF
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...E..Q...........!......................... ...............................0......6.....@......................... ...+............ ..................."..............T............................................................................text...K........................... ..`.rsrc........ ......................@..@....E..Q........;...T...T.......E..Q........d...............E..Q........$...........RSDS...g.8.n...hu. .....api-ms-win-core-version-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg... ...+....edata... ..`....rsrc$01....` .......rsrc$02.... ......g.8.n...hu. ...|.6J..:.ZJE..Q............E..Q....p...............H...X...h...............4...............%...........api-ms-win-core-version-l1-1-0.dll.GetFileVersionInfoExW.version.GetFileVersionInfoExW.GetFileVersionInfoSizeExW.version

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-core-xstate-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:F0C3B5B14D0B5C1420D1E22F3585F4C3
    SHA1:CDE069A5CBC8BDEFCFF8A67DCF26538CF35EB99B
    SHA-256:145CCA35FC844F511E8AF7756374D27125A440B088410ADE80C15527FB39E224
    SHA-512:D31FA82062057909E3B7BA150CCF601E1E2BD657996AEF1C48187864C4D1B66C6D74E3971338FC497D31978121E253910647E761FAE7F484B75C86939112ADEC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L................!......................... ...............................0............@......................... ...r............ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@..............:...T...T.................d.........................$...........RSDS.L.^..4.....@.......api-ms-win-core-xstate-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ...r....edata... ..`....rsrc$01....` .......rsrc$02.... ....L.^..4.....@....k.8^8.8.Y.....................................H...h...............L...............9...q...........0...n..........."...V...................api-ms-win-core-xstate-l1-1-0.dll.RtlCopyExtendedContext.ntdll.RtlCopyExtendedCo

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-crt-environment-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:3701377FBCE6D04E1CDA1278105CD27F
    SHA1:10260265BBEE57826F250EAE17F1CB52B4B7D7ED
    SHA-256:B4EF8189B0645AD7CDE550408317BE161668D4C6A0E7DB2333215C18AF21F3D5
    SHA-512:99BC5B1AD38470EE8CEDB24BF8C980187903B1B463BF77164F6EBC0F53E7DC27BFF7AE461CED82B03B7BD64846C298DB09A739D3D4DEB7378AFD46C5664763DC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....][...........!......................... ...............................0.......r....@.........................0..."............ ..................."..............T............................................................................text...R........................... ..`.rsrc........ ......................@..@v.....................][........>...d...d.........][........d.................][........$...........RSDS.,.A..\...R..=v....api-ms-win-crt-environment-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg...0..."....edata... ..`....rsrc$01....` .......rsrc$02.... ....,.A..\...R..=v....N..{?M8d..][..........][....................X...........?...c...........................7...S...o.......................'...@...2...U...z...........................I...f....................... ...7...

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-crt-locale-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:6D1422B23C1A6FBCE786FDE4B2AC730D
    SHA1:F9718E011EE2B613F008C4931715F4586A1025BD
    SHA-256:53715AF760F84BD56195E16F2BCCDD4B38A76A8FF8FABDEBEEEC029CAF41A906
    SHA-512:F522EA403C596CA8FB1A9323C64EC852F524BB203B54C3F189D00699DFF2CE4A5509AC29A232D68EA1D470EF756D0968E95C925C04C942B9AB35892CF68EB4C4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....JI...........!......................... ...............................0............@.........................0...e............ ..................("..............T............................................................................text............................... ..`.rsrc........ ......................@..@v.....................JI........9...d...d.........JI........d.................JI........$...........RSDS$.,...E.b..,...g....api-ms-win-crt-locale-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg...0...e....edata... ..`....rsrc$01....` .......rsrc$02.... ...$.,...E.b..,...g.>]......S....JI..............JI.... ...............X...........U..............."...e...................D...n.......................D...d.......A...r...............@...................7...Z...................

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-crt-math-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:F683358ADBD2530B10BE774ABD3A62DF
    SHA1:62AFBECFE5850A73820C8F51CFC32D74EA91BA7E
    SHA-256:0F93D2DC02A1244AE7CB3872472D4F92BD1E8F2E337AA13CEDF68DFE72C2263B
    SHA-512:869F777EB18B89C0025E650066EF568D085A3F9BCAB8002CD13429D7D86C3B7BCDE1D07CF562F696099609CC59C72E0CBDE60552B745896E0DDCEDCF204F092C
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....T.>...........!.........................@...............................P.......L....@.........................0....+...........@...............4..."..............T............................................................................text....-.......................... ..`.rsrc........@.......0..............@..@v....................T.>........7...d...d........T.>........d................T.>........$...........RSDS....1...9......E....api-ms-win-crt-math-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg...0....+...edata...@..`....rsrc$01....`@.......rsrc$02.... .......1...9......E...s.......T.>.................T.>............:...:...X...@...(...................(...@...X...p...............................2...K...d...}.................... ... ..A ..m ... ... ... ...!..J!..u!...!...!...!..

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-crt-multibyte-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:752CB74040D2E6AB365982FC2F3E489B
    SHA1:CC0AE53C48BF163B62E568C815E90220E0F64152
    SHA-256:78B548E687FC423E157EE26823326715FDBB9E362C3248D5CA3CF5092932458F
    SHA-512:135A90E773683C71C9D58A6705EE84E566A55B609BB172612A56C6769E74B206A0F165A86ABEA9BE3E4F46FDB5377AB211A4D4D6FD0A76133FF7BE4A3EA95B66
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L......[...........!.....$...................@...............................P............@.........................0.... ...........@...............*..."..............T............................................................................text...$".......$.................. ..`.rsrc........@.......&..............@..@v......................[........<...d...d..........[........d..................[........$...........RSDS$"^...1h...&........api-ms-win-crt-multibyte-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg...0.... ...edata...@..`....rsrc$01....`@.......rsrc$02.... ...$"^...1h...&....[.'37...e.....[...............[....(...............X...x.......[...........................Q...t...................$...G...l.......................?...b.......................4...W...z...................)...

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-crt-private-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:6F543D365CDBCF2204A991C70FF487FD
    SHA1:09FF5AC8AA846E116A6EC954D24C4B270FAFE07A
    SHA-256:D2B2DC0B0A6C4984B4A6555389B6726057B3CE45A0584681635FC71729351EC4
    SHA-512:6C1A21C01761A5E40E1E0FB63C04CE43653723092C5B9CE101F295AE2120CDA4E3D869D534709584101A24EC806D557EFA256534DEF9918D9B67298B61AC8A0D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!......................................................................@.........................0...................................."..............T............................................................................text............................... ..`.rsrc...............................@..@v...............................:...d...d...................d...........................$...........RSDS...8.<.....=`4R....api-ms-win-crt-private-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg...0........edata......`....rsrc$01....`........rsrc$02.... ......8.<.....=`4R.......+../.........................>..............X....#...5...?..0?..W?...?...?...?...@..:@..v@...@...@...A..KA..|A...A...A...B..8B..lB...B...B..1C..hC...C...C...C...D..?D..hD...D...D..9E...E...E...E.. F..

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-crt-string-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:8594FF30AAB6D441F95C500D67A57E7A
    SHA1:24C77A2D8B5FB19F0744EE53B4BC4D511E7BD945
    SHA-256:7DE6493B79CF66B0B69BA94089945E44982BFB6C528CBFA7C6EB1FD90985E6FA
    SHA-512:04947DC3DF87E0EF447CBAEE2EE1EB7B5E230F0200DACD2C051BD9987AC6B13B06276C22634B18492522F63FDF33339802CB86CCA24653E5A94B50881466A07D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....J.............!.........................0...............................@.......1....@.........................0................0...............$..("..............T............................................................................text............................... ..`.rsrc........0....... ..............@..@v....................J..........9...d...d........J..........d................J..........$...........RSDS...mL..w.z....A....api-ms-win-crt-string-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg...0........edata...0..`....rsrc$01....`0.......rsrc$02.... ......mL..w.z....A.OQ..N..(...J...............J......L...............X... .......w.......................%...C...b...........................:...\...{.......................:...[...{.......................@...a...............

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-crt-time-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:87F909B473CE38E465421F2AEFA532A9
    SHA1:D14A0ECA0382D289809BCE4B69888C2A09EAF0CA
    SHA-256:BE9897967DC95F9AD2B816D60FE3AC487097B2EE2AB434CD43A4A028C0DDD936
    SHA-512:53949D3402C82131BDC88FE4D21B8AB64B8B3EE2322663639114EE4A30580E6FDD3CFF54914FC3A410FFB82A31ADB17F8752736077FE5BEA4C3A19F498243D5D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....c!...........!......................... ...............................0............@.........................0................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@v.....................c!........7...d...d.........c!........d.................c!........$...........RSDSTi...:..L?.3".......api-ms-win-crt-time-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg...0........edata... ..`....rsrc$01....` .......rsrc$02.... ...Ti...:..L?.3"...:.}Fc........c!..................c!....(.......H...H...X...x.......P...m.......................,...J...h...........................5...V...t.......................'...K...o......................./...Q...v.......

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-security-cryptoapi-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:7DF407CB1726FD54A63B3F005F346328
    SHA1:CA969588551B00847A7461B265E8058D3CD2157E
    SHA-256:53F5B28559BA8A016FE9EB615A89EAF3DA31951FCDC3275DBC9DFDCF2A92DE4B
    SHA-512:D283EB5B0BEB61C2ADBD721628A156999849536E1AA48564015A5F7120F14B0B70C4F0CA7790AA0A43455CBA8DD84C95B966C1216BAFADB68DD32B7AA998CA4E
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...'..............!......................... ...............................0......# ....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....'...........A...T...T.......'...........d...............'...........$...........RSDS#.o1.(.n3,..n.O.....api-ms-win-security-cryptoapi-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...#.o1.(.n3,..n.O..{.t.oQ.bm'.......'...............'...'...H...............?...p...................:...f...............#...X.......................i............... ...G...r...............%...Q...~...............7...^...............

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-service-management-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:05E0365D5DED1207433933C6E3456171
    SHA1:F5F671C8C8F438F87E3F6BFD93B9F47AEBD60F01
    SHA-256:1BF9814305EF1AEA65110E4C27467C57897527D345622EE10F367B2E9C21CABA
    SHA-512:E0F5A826BA1A5A24C219F7CD7603ECD7CD8A7BF5607095015FC82DF71C364452AB215FEF4C13320138558758E93961DAB25D5AC3B5C07B01BB9CCAD40D5A5B15
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...r+@5...........!......................... ...............................0.......r....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....r+@5........A...T...T.......r+@5........d...............r+@5........$...........RSDS.>.{.......B...7....api-ms-win-service-management-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ....>.{.......B...7..1P..t....r+@5....r+@5....................H...d..............."...H...n.......................:..._.........................api-ms-win-service-management-l1-1-0.dll.CloseServiceHandle.advapi32.CloseServiceHandle.Co

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-service-management-l2-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:63AB5FFEE5BA456BBF69865F25D806A1
    SHA1:B148489028C811F85E8B2CD887B787A5ECEFB3AB
    SHA-256:C2BDE7DAAE9E117E2B2DDDDB1B2744A1EB3EC657F34ABC248BC18AB8F2BDDCE4
    SHA-512:CD891A853E325C33BB898DA97019622307C0C98207BBB2C098586EEE9B5858D95E3B4F4B4374265171C21763166C7FD348A453719F92F600C8B7C3A1CF68D8BD
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...-..=...........!......................... ...............................0......~U....@......................... ...Y............ ..................."..............T............................................................................text...y........................... ..`.rsrc........ ......................@..@....-..=........A...T...T.......-..=........d...............-..=........$...........RSDS..X...2.....3.......api-ms-win-service-management-l2-1-0.pdb............T....rdata..T........rdata$zzzdbg... ...Y....edata... ..`....rsrc$01....` .......rsrc$02.... .....X...2.....3.......i.1....Z-..=....-..=....................H...h...............D...}........... ...W...........)...h...............>...................api-ms-win-service-management-l2-1-0.dll.ChangeServiceConfig2W.advapi32.ChangeSe

    C:\Windows\TEMP\is-5L66I.tmp\api-ms-win-service-private-l1-1-0.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:342CC089E8DA9E7C67EB8BA14F38528B
    SHA1:75636E7750F0008B6AEF2333869924836E8371B5
    SHA-256:88CB8EFF6DE572B1563A3362F9CE14EAE3714089035D56B9F1C544069A76A81A
    SHA-512:C98F4715282CFC3BFF8EF17D2BA2775F00754F75005ECC7A77A3FCF6E938E6EFD14799E304A0CD185968E1A645A60DDF46EDB10F442BA6AB06C2D29BA2318C7A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....J\}...........!......................... ...............................0.......N....@......................... ................ ..................("..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....J\}........>...T...T........J\}........d................J\}........$...........RSDS.K.....b3.7"..>X....api-ms-win-service-private-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ....K.....b3.7"..>X..|.g]7.'.6..J\}.........J\}....................H...............p...............\...................:...k...........................M...............=...................&...W...............[...............................

    C:\Windows\TEMP\is-5L66I.tmp\concrt140.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:8FFFB33F52BE9781285A666F800C6A81
    SHA1:479913B06EAA223999D8342D0DE439D4B78C6ECD
    SHA-256:0AD01F6B1EB2FE2C343BA9FBCFFD92C3577AF9B52E366B2923891F11E8C9A6C2
    SHA-512:2D0B12E4A1426FD5765E6DC1B690504429715B62A511FC3807E865C2197091AD2A1F31AA9091C54BA1AC2199A401405FEED0D8507378696678C4EE44AB540EB8
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........9hZ.W;Z.W;Z.W;...;X.W;S..;P.W;..V:_.W;Z.V;.W;..S:Q.W;..T:].W;..R:..W;..W:[.W;...;[.W;..U:[.W;RichZ.W;........PE..L....._.........."!.........x...............0......................................BQ....@A.............................K..<r...........................#.......+...;..8............................<..@............p..8............................text...L........................... ..`.data....4...0...2..."..............@....idata.......p.......T..............@..@.rsrc................f..............@..@.reloc...+.......,...j..............@..B........................................................................................................................................................................................................................................................................................................................

    C:\Windows\TEMP\is-5L66I.tmp\corefixer.exe (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (GUI) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:8C6B2A55BC6360F4F5EA5F5049A19065
    SHA1:814F0895AAB0567279AF51DE085A901B4FA430BC
    SHA-256:83D6A1EF68BFBC5AF19B34404E1ABFA8FCA8490006373466388DD144B27626FE
    SHA-512:0CCEEB983830DC7C80023D7D61EFC69C1F0564171BEBF7D53BBC539E8E5C1C758C5D7885D895C572B507600DB6471B1C8956065D83706BAE865F6A5BAC2C996A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......mp..).u.).u.).u.o@..E.u.o@..".u.o@....u....".u.).t.@.u....(.u.$C..(.u....(.u.Rich).u.................PE..d.....!`..........".................TB.........@.............................@............`.................................................<...x.... ......0...........p...............8............................w..p............................................text............................... ..`.rdata..V...........................@..@.data...X?..........................@....pdata..............................@..@.dbld0..............................`..h.reloc..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................

    C:\Windows\TEMP\is-5L66I.tmp\error.bmp (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2835 x 2835 px/m, cbSize 26494, bits offset 118
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:81822A54876E4173AB681602874D72AB
    SHA1:926670C0C0EF8A0DD94E154E9E01BAC1BDE5F70E
    SHA-256:ED29866F1BD59DC688946C29E0693B2B66D759BECCE80D615167360C28287598
    SHA-512:F84C91EB0EAD717E9ACBA8CDC13E3B6076C14DD79D0AE7ACD1AAA8934902B78D99BA6B4BE7A5E5BD7FB6B6318EAC1CFAEEE4D6B5469E534751F141656022836C
    Malicious:false
    Reputation:unknown
    Preview:BM~g......v...(.......:............g....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\TEMP\is-5L66I.tmp\ucrtbase.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:A20AAB46167FFB31E2D1B243E8013F2B
    SHA1:56F7063036D53FD9F47F3551115D7530F18EEDBA
    SHA-256:C5C7468E998B13B6A65788C988C327D6E41924C8355CB47D4348AB8C2D5F5874
    SHA-512:F3630AF6342E4D695DB1C174C0734950125CCBCA2BD2489904F345D95C77F8CD09FFFDB83A2CBB67C75075F676DB270A0105CE5D4ABC88166E60ACECB6BE782D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........>2._\.._\.._\..'.._\.._].)_\..7..._\..7\.._\..7_.._\..7Y.._\..7R..]\..7X.._\..7..._\..7^.._\.Rich._\.................PE..L.....t...........!................................................................i.....@A................................p........0...................J...@..T...P...T...........................p...@...............l............................text...p........................... ..`.data...$...........................@....idata..............................@..@.rsrc........0......................@..@.reloc..T....@......................@..B................................................................................................................................................................................................................................................................................................................

    C:\Windows\TEMP\is-5L66I.tmp\vccorlib140.dll (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:948275A307DDBA050EAAB66448E07D26
    SHA1:E06AB60C66BA361BAF3F3E2EB4B1949587854B0A
    SHA-256:F1D630A5BFD0292502274621CEE911F4BAC2D314795A105F5E8CCC0BFA70C117
    SHA-512:07AFD6FEF2C01E849943D2C9744D2ED813517A667915EC76CD7402786525F181A51967346538820B71B72D4EF46B5576619261BD06DB7C8CDE4D8A83CDBD7667
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........b..1..1..1../1..1s..0..1s..0..1s..0..1s..0..1y.S1..1..1...1s..0..1s..0..1s.C1..1s..0..1Rich..1................PE..L......_.........."!.........................0...............................0.......a....@A........................ ....=...............................#.......W..lJ..8............................J..@............................................text...;........................... ..`.data...(p...0...n..................@....idata..............................@..@.rsrc...............................@..@.reloc...W.......X..................@..B........................................................................................................................................................................................................................................................................................................

    C:\Windows\Temp\is-5L66I.tmp\0

    Download File
    Process:C:\Windows\System32\cmd.exe
    File Type:ASCII text, with CRLF line terminators
    Category:modified
    Size (bytes):3195
    Entropy (8bit):4.128898503895612
    Encrypted:false
    SSDEEP:
    MD5:5F303E189BB45B62EF3E98BA3E3FF6FB
    SHA1:505134779B39973CE29BA98C31C82224EDE77E52
    SHA-256:1CFE996BEBF37ED2EF4E3EBE23B4B56BEC13275E6C2578CF0F0BF403DE3B03E3
    SHA-512:2D72213E5F4011DCAC2549A54692677A40E727D9E19856B6BE5B7DE3CE07CDF7910EB2E66D21E88B391575384FD81F7C204A737CDFCD25C98DFE8DFA4B90B565
    Malicious:false
    Reputation:unknown
    Preview:..TASKLIST [/S system [/U username [/P [password]]]].. [/M [module] | /SVC | /V] [/FI filter] [/FO format] [/NH]....Description:.. This tool displays a list of currently running processes on.. either a local or remote machine.....Parameter List:.. /S system Specifies the remote system to connect to..... /U [domain\]user Specifies the user context under which.. the command should execute..... /P [password] Specifies the password for the given.. user context. Prompts for input if omitted..... /M [module] Lists all tasks currently using the given.. exe/dll name. If the module name is not.. specified all loaded modules are displayed..... /SVC Displays services hosted in each process..... /APPS Displays Store Apps and their associated processes..... /V Displays

    C:\Windows\Temp\is-5L66I.tmp\_isetup\_setup64.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):6144
    Entropy (8bit):4.720366600008286
    Encrypted:false
    SSDEEP:
    MD5:E4211D6D009757C078A9FAC7FF4F03D4
    SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
    SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
    SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

    C:\Windows\Temp\is-5L66I.tmp\check_core.bat

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:DOS batch file, ASCII text, with CRLF line terminators
    Category:modified
    Size (bytes):247
    Entropy (8bit):4.512691505102606
    Encrypted:false
    SSDEEP:
    MD5:4ED7CD2872395995D552B9796B562140
    SHA1:9D879C443E8663350C7B592D454DAFD8D3EADD6C
    SHA-256:EA687E67A20DDE4295A689CF568A67B10CE63BC330273AA5FED4B98575F12082
    SHA-512:0C1AFACE875FC2DC0FDF07D76CCBE8E9031DD691A7C443D89E9F76266E240D54B303FEB416559B46490B5CC88121DB2CC21647BB5D53C2326306EF6A30BB06B0
    Malicious:false
    Reputation:unknown
    Preview:@echo off..cmd /c tasklist /? > 0..if ERRORLEVEL 0 (.. tasklist /FI "imagename eq core.exe" | find /C "core.exe">tmp.txt.. for /f %%i in (tmp.txt) do (.. if %%i GEQ 2 (.. exit /b 0.. ) else (.. exit /b 1.. ).. )..)..exit /b 0

    C:\Windows\Temp\is-5L66I.tmp\get_version.exe

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):686640
    Entropy (8bit):6.409483633643416
    Encrypted:false
    SSDEEP:
    MD5:48CB673E0AD3A916A4702E6C8E142310
    SHA1:DC78D284F4AD621B3B92990F990B99C6D9115174
    SHA-256:B4FF63F3565AE5EE8498F76D443543677EEE7EDB4EC5ACD40AFE48F84FF80175
    SHA-512:6BE900B86DFCDE5304B7D3B05D18797F85E71470EB53A311C3A7A6E2286EFD34A303F864BFAB010095D224FB935736F18668EF133A9323AB1E373A34E79CBA0F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......R.....T...T...TP..T...TP. TX..TP.!T..T...T...T.}.T...T...Tk..T.. T*..T...T...TRich...T................PE..d....BlW.........."..................B.........@.....................................y....`....................................................<............0...[...F..04......l....9..8...............................p............0...............................text...s........................... ..`.rdata...z...0...|..................@..@.data...`s.......*..................@....pdata...[...0...\..................@..@.gas0...,........................... ..`.reloc..l............*..............@..@.rsrc................D..............@..@................................................................................................................................................................................................................................

    C:\Windows\Temp\is-5L66I.tmp\is-0N7L2.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.875266217249864
    Encrypted:false
    SSDEEP:
    MD5:12961A8D12E77FC9B66345B80456F7FE
    SHA1:EC320D7A73DCF97B4B4FCB6E764A238A318E38C4
    SHA-256:4879D504F9BFB07BEA63F737A7D075D02BD3EC8FDBEC4ACBCF13C22E2BECE3B8
    SHA-512:57543F08371F07021ED31CBB5A612C42F6544FAFE81B076DFBC009E722A099F34A2E33EFBDD6512C06C45331C82F7984FCE14952C35DFC2C7A485BB553E1B2E8
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....qW`...........!......................... ...............................0............@......................... ...6............ ..................."..............T............................................................................text...V........................... ..`.rsrc........ ......................@..@.....qW`........:...T...T........qW`........d................qW`........$...........RSDS.gN........;.......api-ms-win-core-memory-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg... ...6....edata... ..`....rsrc$01....` .......rsrc$02.... ....gN........;......p.i*.'.l..qW`.............qW`....................H...........#...\...............N...|...............T...................?.......E...|...........7...n...............D...m...............1...................................

    C:\Windows\Temp\is-5L66I.tmp\is-0PT5M.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.8631907170163045
    Encrypted:false
    SSDEEP:
    MD5:47F61567C3CD5CF4FC91B6C966402ACB
    SHA1:2365D52BA87AEDBB9075E4B5E82F146F2551AAE8
    SHA-256:B5D50AA80BF3731123D95C177D4D00EB8B2D21FED575C6969271C96A4520DF00
    SHA-512:959DAA2FD02EF7D7254866A721E102395E43AA2BA69E88D38B9D0BAEB439A0FB1FB50DAA6684C51C68DD58648749300D98F79953B02B432F11ABF9054D59E6AB
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....@a............!......................... ...............................0......L.....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....@a.........<...T...T........@a.........d................@a.........$...........RSDS..PP.H...)}..D[....api-ms-win-core-realtime-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .....PP.H...)}..D[.E.....:...@a..............@a.....z...............H...\...p...........:...n...............$...Y.................api-ms-win-core-realtime-l1-1-0.dll.QueryIdleProcessorCycleTime.kernel32.QueryIdleProcessorCycleTime.QueryIdle

    C:\Windows\Temp\is-5L66I.tmp\is-1UP2T.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):10760
    Entropy (8bit):6.945428364355173
    Encrypted:false
    SSDEEP:
    MD5:6201C1EC72004FCCAAFC58CE96CA3E4A
    SHA1:4E1D8E7A3C0E373A732914B6C1187AB01701F928
    SHA-256:9D3EFDBB986B73C155A72D6FC1179E071CBEB7918D0407077E02058A2FE80AB1
    SHA-512:DE7ACDDA4A2458AE57C3C31263383185757600CAC6862207C4B096EE7EFE6FE699F15485D7B3B8B46AFFCDE3B24D39B87FDB47BD6697DCF0CEB514A44205F83C
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..."7.y...........!......................... ...............................0.......p....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@...."7.y........=...T...T......."7.y........d..............."7.y........$...........RSDS..|."5.P.#..........api-ms-win-core-delayload-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .....|."5.P.#.........7M..T..."7.y........"7.y....R...............H...L...P.......w.....api-ms-win-core-delayload-l1-1-0.dll.DelayLoadFailureHook.kernel32.DelayLoadFailureHook...............................................................

    C:\Windows\Temp\is-5L66I.tmp\is-245ML.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):12296
    Entropy (8bit):6.77509279673419
    Encrypted:false
    SSDEEP:
    MD5:FEEF06E726661A84A6F1566A25134694
    SHA1:512989D934FD51A2496115F93AE679A813126B0A
    SHA-256:0915617A618EABFF79C105F08C163711DB082DFDEF789868E713E569952ED9A9
    SHA-512:6383377326F0B8952484E5920FFF93049D631C9E67D7BDBD0FB0B14ADB147421B6717F481FB7F92E6122773AD70DCDAB3259B1ED86F230DA0C129584CDD74BDB
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!......................... ...............................0.......Y....@.........................0...G............ ..................."..............T............................................................................text...w........................... ..`.rsrc........ ......................@..@................F...T...T...................d...........................$...........RSDS.G..a..v...3.z......api-ms-win-core-processenvironment-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg...0...G....edata... ..`....rsrc$01....` .......rsrc$02.... ....G..a..v...3.z..=..f[...f.i.............................*...............X...........r...........#...T...}...............H...................3...f...............:..._...X...............D...m...............1...h...................

    C:\Windows\Temp\is-5L66I.tmp\is-261PJ.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):10768
    Entropy (8bit):6.9614642452620386
    Encrypted:false
    SSDEEP:
    MD5:7D0690A235298519FDC912928F0333EF
    SHA1:D2AFFE98FCB0A0C473CA5756C3687A246B642BB3
    SHA-256:7A6F4E0442B3B4F6F936C00E7FD813D0FDA011F10496481D94805003CF4F330B
    SHA-512:98E1A4F2D0799CD2A36C5260CA3543544A6AC5973AA66D8C31FEE7842118281024EE27F2A9A31CE1A7429D7AEA99FF2D4628303CCA65FEF85CCB887868AB4EED
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.................!......................... ...............................0...........@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@...............<...T...T..................d..........................$...........RSDSt#.2..Z...ht_.,.....api-ms-win-core-datetime-l1-1-1.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...t#.2..Z...ht_.,. .#.....\.g.......................\...............H...P...X.......................api-ms-win-core-datetime-l1-1-1.dll.GetDateFormatEx.kernel32.GetDateFormatEx.GetTimeFormatEx.kernel32.GetTimeFormatEx.......................

    C:\Windows\Temp\is-5L66I.tmp\is-2KIRS.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11784
    Entropy (8bit):6.812076931675519
    Encrypted:false
    SSDEEP:
    MD5:BC0D10744E41ACC405A39B6E3638708B
    SHA1:711C2896D90A246D4F6F006ED4B1E4BFC0B18429
    SHA-256:D573B80776FCF78AAFB13F789AB2AADA14513E35F106BA95E6098509EB5F0659
    SHA-512:2CF685827A9916C6C9A1C29CB8A3642047E7DD0161A652C08F508F6CA0EDEBB2E2B4B2921AC11EB09F20DD2DC1DA64E6F3BAD91AA9EFBADFBD8E9835DC265909
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...f..............!......................... ...............................0.......z....@......................... ...l............ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....f...........:...T...T.......f...........d...............f...........$...........RSDS.`9+ls.&.6}<,!......api-ms-win-core-memory-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ...l....edata... ..`....rsrc$01....` .......rsrc$02.... ....`9+ls.&.6}<,!...z.=@..{ .3f...............f.......................H...............I...p...................>...c................... ...E...p.......9...b...................1...T...{...................6...]...................................

    C:\Windows\Temp\is-5L66I.tmp\is-31L3I.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (GUI) x86-64, for MS Windows
    Category:dropped
    Size (bytes):131184
    Entropy (8bit):6.144521264260915
    Encrypted:false
    SSDEEP:
    MD5:8C6B2A55BC6360F4F5EA5F5049A19065
    SHA1:814F0895AAB0567279AF51DE085A901B4FA430BC
    SHA-256:83D6A1EF68BFBC5AF19B34404E1ABFA8FCA8490006373466388DD144B27626FE
    SHA-512:0CCEEB983830DC7C80023D7D61EFC69C1F0564171BEBF7D53BBC539E8E5C1C758C5D7885D895C572B507600DB6471B1C8956065D83706BAE865F6A5BAC2C996A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......mp..).u.).u.).u.o@..E.u.o@..".u.o@....u....".u.).t.@.u....(.u.$C..(.u....(.u.Rich).u.................PE..d.....!`..........".................TB.........@.............................@............`.................................................<...x.... ......0...........p...............8............................w..p............................................text............................... ..`.rdata..V...........................@..@.data...X?..........................@....pdata..............................@..@.dbld0..............................`..h.reloc..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................

    C:\Windows\Temp\is-5L66I.tmp\is-3HHPB.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11272
    Entropy (8bit):6.855005482436437
    Encrypted:false
    SSDEEP:
    MD5:05E0365D5DED1207433933C6E3456171
    SHA1:F5F671C8C8F438F87E3F6BFD93B9F47AEBD60F01
    SHA-256:1BF9814305EF1AEA65110E4C27467C57897527D345622EE10F367B2E9C21CABA
    SHA-512:E0F5A826BA1A5A24C219F7CD7603ECD7CD8A7BF5607095015FC82DF71C364452AB215FEF4C13320138558758E93961DAB25D5AC3B5C07B01BB9CCAD40D5A5B15
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...r+@5...........!......................... ...............................0.......r....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....r+@5........A...T...T.......r+@5........d...............r+@5........$...........RSDS.>.{.......B...7....api-ms-win-service-management-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ....>.{.......B...7..1P..t....r+@5....r+@5....................H...d..............."...H...n.......................:..._.........................api-ms-win-service-management-l1-1-0.dll.CloseServiceHandle.advapi32.CloseServiceHandle.Co

    C:\Windows\Temp\is-5L66I.tmp\is-47H94.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.820215972384542
    Encrypted:false
    SSDEEP:
    MD5:4B78F140BE9D58050693B0F1CF57E101
    SHA1:900E591D6C2022BB7BF2B5BEC63469317351EB2C
    SHA-256:5C61D38F3983F39382E74006C9391B082B010CE343A561C90E571581E649C495
    SHA-512:9B4C956A847E75527601C496B86DBA9DC61A75FE273E0574169FD91F58CF1BFA43AF4DD9ACBB4F198135A7D79C32FE8E1A15C7C3721C8E9B14ACC3ACF1E71105
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....\-...........!......................... ...............................0............@......................... ..._............ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@......\-........:...T...T.........\-........d.................\-........$...........RSDS.cc....|3a.M..b....api-ms-win-core-handle-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ..._....edata... ..`....rsrc$01....` .......rsrc$02.... ....cc....|3a.M..b....r..B.a...\-..............\-....z...............H...\...p...................a...................L.............api-ms-win-core-handle-l1-1-0.dll.CloseHandle.kernel32.CloseHandle.CompareObjectHandles.kernel32.CompareObject

    C:\Windows\Temp\is-5L66I.tmp\is-4N8P9.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11272
    Entropy (8bit):6.942253285743523
    Encrypted:false
    SSDEEP:
    MD5:5F7EA40248D4BB199EA03F9D5F1EBE83
    SHA1:0479B37657768CA674ABA40D418C198F0B1029B9
    SHA-256:2D9F462E47B950161406D478A2568BA7E490AD049C48A3818C2B4FF08F27E294
    SHA-512:3F317436C13C4751F98C27A197506CFACCB973E4ED8A95B3A1802DA02ADE8DDA5AE868FEF56EB39678C2E239AC5C23C243C598DE09922A361D428A161E1D2850
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....<._...........!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....<._........>...T...T........<._........d................<._........$...........RSDS......x...1..o....API-MS-Win-Eventing-Legacy-L1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .........x...1..ol:.W...IV~.K.<._.........<._....................H...............+...N...y...................,...M...n.......................@...e................... ...A...b...........................................api-ms-win-eventing-

    C:\Windows\Temp\is-5L66I.tmp\is-4TV0M.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.876952841643238
    Encrypted:false
    SSDEEP:
    MD5:E4EF5691D0E6EA554E8B5179252A49DE
    SHA1:2BB200F0518C679358C578B0253AA4C09806AA46
    SHA-256:C4C6392AA3F64C90DD85D08B13CFC99836AA181054BB54BA3C99C2F421B68850
    SHA-512:BC7AF83EB4FFC88CF354DEAF089E3E2938A6FB55DC9CB7982FC483CFC3A1924ACDBC627417D23D43B5E4D7FBFCD28412FA52AF3D7C764B71439047A872FA6D31
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!......................... ...............................0......w7....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@................:...T...T...................d...........................$...........RSDSPo....,3E..r.h .....api-ms-win-core-string-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...Po....,3E..r.h .XK...z.g...........................................H...h...............%...I...o...........................=...^...............................api-ms-win-core-string-l1-1-0.dll.CompareStringEx.kernel32.CompareStringEx.Compa

    C:\Windows\Temp\is-5L66I.tmp\is-4UJCA.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):22024
    Entropy (8bit):6.2862723238463145
    Encrypted:false
    SSDEEP:
    MD5:F683358ADBD2530B10BE774ABD3A62DF
    SHA1:62AFBECFE5850A73820C8F51CFC32D74EA91BA7E
    SHA-256:0F93D2DC02A1244AE7CB3872472D4F92BD1E8F2E337AA13CEDF68DFE72C2263B
    SHA-512:869F777EB18B89C0025E650066EF568D085A3F9BCAB8002CD13429D7D86C3B7BCDE1D07CF562F696099609CC59C72E0CBDE60552B745896E0DDCEDCF204F092C
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....T.>...........!.........................@...............................P.......L....@.........................0....+...........@...............4..."..............T............................................................................text....-.......................... ..`.rsrc........@.......0..............@..@v....................T.>........7...d...d........T.>........d................T.>........$...........RSDS....1...9......E....api-ms-win-crt-math-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg...0....+...edata...@..`....rsrc$01....`@.......rsrc$02.... .......1...9......E...s.......T.>.................T.>............:...:...X...@...(...................(...@...X...p...............................2...K...d...}.................... ... ..A ..m ... ... ... ...!..J!..u!...!...!...!..

    C:\Windows\Temp\is-5L66I.tmp\is-5NMFO.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.853543188587504
    Encrypted:false
    SSDEEP:
    MD5:4B5F725F3BB521A691B3D30794709E38
    SHA1:DE641C633B5003B07BF93A62036AD36E2A83D67F
    SHA-256:ED738EB6A30D85FF8301F80C7BCFE0BE7530384CBF81C0DD6E4D510418B3224C
    SHA-512:5281FD09C53341AB4D3C190AF01D814B449ED86D064FE99D87C50FA401F443DC04ADD153314F8EC06CBE4081696691FE5FDAF85B022FB3C584845B40CF76EB8F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...Ff.............!......................... ...............................0.......z....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....Ff..........A...T...T.......Ff..........d...............Ff..........$...........RSDS./.d.|T.,...`......api-ms-win-core-errorhandling-l1-1-1.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ..../.d.|T.,...`....4....+.n.Ff......Ff......z...............H...\...p...........A...................#...h.................api-ms-win-core-errorhandling-l1-1-1.dll.AddVectoredContinueHandler.kernel32.AddVectoredContinueHandler.AddVec

    C:\Windows\Temp\is-5L66I.tmp\is-5Q6CC.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):12296
    Entropy (8bit):6.785422455320651
    Encrypted:false
    SSDEEP:
    MD5:95A3B7FDC1D61E67F10DD2A5D3772A6D
    SHA1:695FC3DD5C93CBA13B2912EA9D6C473392CBDF21
    SHA-256:226EBB213BC9DA85865D61D4E3F4C414D1EBA979564922BE33235310F7998B0C
    SHA-512:4519AE3C93434BC37C875AE18ECD1AF7991BB513F1ED149F0A3338A9ED61C892D30FEA15989984F34EDC968B9130D326383A967FD98B5AB00E09D06EBEDBFBF2
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....L.............!......................... ...............................0............@......................... ...E............ ..................."..............T............................................................................text...e........................... ..`.rsrc........ ......................@..@.....L..........;...T...T........L..........d................L..........$...........RSDS.,.V..........B....api-ms-win-core-sysinfo-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg... ...E....edata... ..`....rsrc$01....` .......rsrc$02.... ....,.V..........B..~.......k..L...............L......$...............H...........Z...............0...n...................W...............*...K...m...............$...O...G...v...............Z...................?...x...............@..._.......

    C:\Windows\Temp\is-5L66I.tmp\is-69B7M.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11816
    Entropy (8bit):6.8777996341325025
    Encrypted:false
    SSDEEP:
    MD5:6D1422B23C1A6FBCE786FDE4B2AC730D
    SHA1:F9718E011EE2B613F008C4931715F4586A1025BD
    SHA-256:53715AF760F84BD56195E16F2BCCDD4B38A76A8FF8FABDEBEEEC029CAF41A906
    SHA-512:F522EA403C596CA8FB1A9323C64EC852F524BB203B54C3F189D00699DFF2CE4A5509AC29A232D68EA1D470EF756D0968E95C925C04C942B9AB35892CF68EB4C4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....JI...........!......................... ...............................0............@.........................0...e............ ..................("..............T............................................................................text............................... ..`.rsrc........ ......................@..@v.....................JI........9...d...d.........JI........d.................JI........$...........RSDS$.,...E.b..,...g....api-ms-win-crt-locale-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg...0...e....edata... ..`....rsrc$01....` .......rsrc$02.... ...$.,...E.b..,...g.>]......S....JI..............JI.... ...............X...........U..............."...e...................D...n.......................D...d.......A...r...............@...................7...Z...................

    C:\Windows\Temp\is-5L66I.tmp\is-79IGP.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):13840
    Entropy (8bit):6.670472558154911
    Encrypted:false
    SSDEEP:
    MD5:FE55B59ED3FE47533979CFC10CB65430
    SHA1:FA7737CEE59EF9775B114BB7489F480DCCA14152
    SHA-256:02E46EE78F33D075B7BA41138F4179868991078C9998E618C5224E44BFBB8806
    SHA-512:5B59822F09255C1AE5AF94DB74296A826B02B8EDFA3E18CB851E3DACEF6E823B8E07827D6D7E74EEACD71B12A4C9BFC3CF3439D9F8875383A8A8B1EDFF0697EC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!......................... ...............................0......c.....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@................B...T...T...................d...........................$...........RSDSH.r.^al.X.nAj.......api-ms-win-core-processthreads-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...H.r.^al.X.nAj......z.cbF9.o................2.......1...1...H...........k...............!...L...................4...c...................G...n...................B...i...............>...b...............%...L...............0...h.......

    C:\Windows\Temp\is-5L66I.tmp\is-7BSLN.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.8295827059785115
    Encrypted:false
    SSDEEP:
    MD5:F21B159383B2307EEE4D173EE6E0BE6C
    SHA1:7885D39787B142CCDD391C1A1C93E81DB8D0ADB2
    SHA-256:DD94CFA70004C8C6F05BD9E72EEBD347391B0A6E9C136C42A4CCC506B3665B09
    SHA-512:975C5685C3AF200C020FCECEFDD02262DCCD7F08C086DAEBE16370656013D6AABCA3E660E459BBF6D7B4FAFA08D8C8D7457FC2B4A08629C54DAD06D39309B2AF
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....l.............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....l..........B...T...T........l..........d................l..........$...........RSDSN.aH.b..G...Pnj.....API-MS-Win-Core-PrivateProfile-L1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...N.aH.b..G...Pnj.~..U\...R%..l.......l......................H...............I...............*...Q...|...............=...}...........3...h...............B...i...............!...b...................................api-ms-win-core-priv

    C:\Windows\Temp\is-5L66I.tmp\is-7IO91.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11272
    Entropy (8bit):6.854988486638616
    Encrypted:false
    SSDEEP:
    MD5:4739B8519EEB6FD76A109C12882E670C
    SHA1:0C60657DC4ADDC833822C1DF9CDBCFE8EA5F4814
    SHA-256:6105FE6F5446597307307148E1EF3ECC02D384306E01715E2D4BB2B2223B53B3
    SHA-512:C26965E8C4CCBC1B3FCE1AA0B478076523D65745F19F233445AE9DE92B21C335E4F65CEB3A15DBB3796E07102AABFD9FC249F8A08E1F651D3FA5C9EADAC70952
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....L...........!......................... ...............................0......'e....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@......L........:...T...T.........L........d.................L........$...........RSDS..y..v....E.Q..)....api-ms-win-core-xstate-l2-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .....y..v....E.Q..).h#.........L..............L....................H...`...x...............I...x...................7...d...................api-ms-win-core-xstate-l2-1-0.dll.CopyContext.kernel32.CopyContext.GetEnabledXStateFeatures.kernel32

    C:\Windows\Temp\is-5L66I.tmp\is-7JJPM.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.880823637623122
    Encrypted:false
    SSDEEP:
    MD5:08422E540F71AFBF8895440DBCE80AA4
    SHA1:22F690F251032776E47565D46F3285C4011695BD
    SHA-256:F650B7D8B20D0DC12ECDD0F683C3A1252D4FA0D9941378541738F38614AF3C67
    SHA-512:B5D24B50A332AE3CA5DB1C14398B08195F1619994B8EC5543F6ED23410EFFB546993D76254813E4B769D1CF147F8611884DBD1EF6177471BF5C258B3F5E84C35
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....A............!......................... ...............................0............@......................... ...E............ ..................."..............T............................................................................text...e........................... ..`.rsrc........ ......................@..@......A.........<...T...T.........A.........d.................A.........$...........RSDS,..[..e.;:.d.N....api-ms-win-core-timezone-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ...E....edata... ..`....rsrc$01....` .......rsrc$02.... ...,..[..e.;:.d.NG0...g.@)....A...............A.....................H...|...........J...........%...c...............Y...........:.......5...h...........E...............9.........................................api-ms-win-core-timezone-l1-1-

    C:\Windows\Temp\is-5L66I.tmp\is-7PGAC.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11272
    Entropy (8bit):6.914565022420224
    Encrypted:false
    SSDEEP:
    MD5:D1E65091E68DFD29E9A9E230AFEA0C9F
    SHA1:E3C264DED66544227C44FC727F9A2EA4001690E3
    SHA-256:CBF8DBFC4F96CB7CE8C1397F57BDE2C4755D532984405D317D9F86564BD89B5C
    SHA-512:B4C9541E81D8B84A79CF604094B427FB6B8317A790871FBD08AA41837C61453400F41D759459010EE4B2B09CCBDD0F9F8D5B2320C1C7292691C25C4B80A17680
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....R.............!......................... ...............................0......9.....@......................... ...h............ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....R..........;...T...T........R..........d................R..........$...........RSDS....a.b...........api-ms-win-core-sysinfo-l1-2-0.pdb..........T....rdata..T........rdata$zzzdbg... ...h....edata... ..`....rsrc$01....` .......rsrc$02.... .......a.b.........&b...)Y?\U.R...............R......................H...l...............C...m...............@...k...........1...^...............2...W.....................api-ms-win-core-sysinfo-l1-2-0.dll.EnumSystemFirmwareTables.kernel32.E

    C:\Windows\Temp\is-5L66I.tmp\is-8D5J6.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11272
    Entropy (8bit):6.856904566498513
    Encrypted:false
    SSDEEP:
    MD5:018B5551C157B2EA156D7E13CB83CF8A
    SHA1:B2ADD4441327553300CDC44A71EE89DE68186AFF
    SHA-256:76A52E2E047E30093D0878888B783130410DE748355CC5D939F6559DBD2F6115
    SHA-512:6431B9AFFC488812200F6B4A3DD14C8BE4F1829CC7967CBE99320A24E405213B56591BC35D4017BFD192A9F2CE1542E5B80B0F65597C9642D17190D885005D3C
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...t..............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....t...........>...T...T.......t...........d...............t...........$...........RSDS3;C.^...P.xt.......API-MS-Win-EventLog-Legacy-L1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...3;C.^...P.xt....._......eZ.t...........t.......................H...`...x...........+...^.......................I...|...................api-ms-win-eventlog-legacy-l1-1-0.dll.DeregisterEventSource.advapi32.DeregisterEventSource.GetEventL

    C:\Windows\Temp\is-5L66I.tmp\is-8GD0B.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):17960
    Entropy (8bit):6.395143932618438
    Encrypted:false
    SSDEEP:
    MD5:8594FF30AAB6D441F95C500D67A57E7A
    SHA1:24C77A2D8B5FB19F0744EE53B4BC4D511E7BD945
    SHA-256:7DE6493B79CF66B0B69BA94089945E44982BFB6C528CBFA7C6EB1FD90985E6FA
    SHA-512:04947DC3DF87E0EF447CBAEE2EE1EB7B5E230F0200DACD2C051BD9987AC6B13B06276C22634B18492522F63FDF33339802CB86CCA24653E5A94B50881466A07D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....J.............!.........................0...............................@.......1....@.........................0................0...............$..("..............T............................................................................text............................... ..`.rsrc........0....... ..............@..@v....................J..........9...d...d........J..........d................J..........$...........RSDS...mL..w.z....A....api-ms-win-crt-string-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg...0........edata...0..`....rsrc$01....`0.......rsrc$02.... ......mL..w.z....A.OQ..N..(...J...............J......L...............X... .......w.......................%...C...b...........................:...\...{.......................:...[...{.......................@...a...............

    C:\Windows\Temp\is-5L66I.tmp\is-8P6T2.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.9042152950130555
    Encrypted:false
    SSDEEP:
    MD5:BF4C34BE59B71FB162E48CDA39A1026F
    SHA1:D8ACB19074F67C7FFD89A301FEABA707E6AB26C3
    SHA-256:5DA9AE70DE91102A540AFFB14E34169AA95EB376F41F4649E2E78E9C644976F1
    SHA-512:D1D09776719CEDD33A084983B6BC4A5B33358053B1472EC69C6B1E6B72DCABCDA26B0DC6E59BB5E18F5F5A815439C901B257AB00FBB9A3BE034AD3ECBEE8A8E1
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...x.X............!......................... ...............................0......,.....@......................... ...\............ ..................."..............T............................................................................text...|........................... ..`.rsrc........ ......................@..@....x.X.........@...T...T.......x.X.........d...............x.X.........$...........RSDS...v..A.a=D.........API-MS-Win-Eventing-Provider-L1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ...\....edata... ..`....rsrc$01....` .......rsrc$02.... ......v..A.a=D.....lR..t..D.U%qx.X.........x.X.....................H...p...............C...o...................3...`...............a..................."...M.......................api-ms-win-eventing-provider-l1-1-0.dll.EventActivityIdContr

    C:\Windows\Temp\is-5L66I.tmp\is-9BRTU.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):12816
    Entropy (8bit):6.860858929723349
    Encrypted:false
    SSDEEP:
    MD5:7DF407CB1726FD54A63B3F005F346328
    SHA1:CA969588551B00847A7461B265E8058D3CD2157E
    SHA-256:53F5B28559BA8A016FE9EB615A89EAF3DA31951FCDC3275DBC9DFDCF2A92DE4B
    SHA-512:D283EB5B0BEB61C2ADBD721628A156999849536E1AA48564015A5F7120F14B0B70C4F0CA7790AA0A43455CBA8DD84C95B966C1216BAFADB68DD32B7AA998CA4E
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...'..............!......................... ...............................0......# ....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....'...........A...T...T.......'...........d...............'...........$...........RSDS#.o1.(.n3,..n.O.....api-ms-win-security-cryptoapi-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...#.o1.(.n3,..n.O..{.t.oQ.bm'.......'...............'...'...H...............?...p...................:...f...............#...X.......................i............... ...G...r...............%...Q...~...............7...^...............

    C:\Windows\Temp\is-5L66I.tmp\is-9MEU6.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.783518495242616
    Encrypted:false
    SSDEEP:
    MD5:C58C0BB59A27669D89281726781C7FEB
    SHA1:3485FBA57A7A916C1802D53A1F0CB04D430FA35E
    SHA-256:2882D9DD27162C230C46218672C2B1E2CBB2D969661BC6D89FDB8BB02BA5D206
    SHA-512:DCA33729079BA89266BDD01A79A798A85D8CD08229A538F9A98E842DFF06030CC92D92F79C603CF5244DC73244BFC9760C63FAB2DC007C5A97E55D8E3228C895
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...(o.............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....(o..........6...T...T.......(o..........d...............(o..........$...........RSDS0zD./.W..".....(....api-ms-win-core-io-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...0zD./.W..".....(.hD<~.s..}(o..................(o......f...............H...T...`.................................api-ms-win-core-io-l1-1-1.dll.CancelIo.kernel32.CancelIo.CancelSynchronousIo.kernel32.CancelSynchronousIo.GetOverlappedResultEx.ke

    C:\Windows\Temp\is-5L66I.tmp\is-A1JBC.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11272
    Entropy (8bit):6.920731106068051
    Encrypted:false
    SSDEEP:
    MD5:F0C3B5B14D0B5C1420D1E22F3585F4C3
    SHA1:CDE069A5CBC8BDEFCFF8A67DCF26538CF35EB99B
    SHA-256:145CCA35FC844F511E8AF7756374D27125A440B088410ADE80C15527FB39E224
    SHA-512:D31FA82062057909E3B7BA150CCF601E1E2BD657996AEF1C48187864C4D1B66C6D74E3971338FC497D31978121E253910647E761FAE7F484B75C86939112ADEC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L................!......................... ...............................0............@......................... ...r............ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@..............:...T...T.................d.........................$...........RSDS.L.^..4.....@.......api-ms-win-core-xstate-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ...r....edata... ..`....rsrc$01....` .......rsrc$02.... ....L.^..4.....@....k.8^8.8.Y.....................................H...h...............L...............9...q...........0...n..........."...V...................api-ms-win-core-xstate-l1-1-0.dll.RtlCopyExtendedContext.ntdll.RtlCopyExtendedCo

    C:\Windows\Temp\is-5L66I.tmp\is-A6RUS.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.810879872248186
    Encrypted:false
    SSDEEP:
    MD5:74A4B714C851DE93C773B1772A40807D
    SHA1:48506056F569A40EE28155C507E3578AF5EA4579
    SHA-256:8B9D7B249FD8B32D14465B6D038060DA3545114BCF0041ADA1F7205B81D6887D
    SHA-512:683FF7108630C74CD8A8F4AD1701C952545450405AB10FB8D744681E3BD3F9E5F3EB48BDDDC9217E37A7A28F65979B0CEA1D21B88BC7C6D41B5D54F8D90909CF
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...E..Q...........!......................... ...............................0......6.....@......................... ...+............ ..................."..............T............................................................................text...K........................... ..`.rsrc........ ......................@..@....E..Q........;...T...T.......E..Q........d...............E..Q........$...........RSDS...g.8.n...hu. .....api-ms-win-core-version-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg... ...+....edata... ..`....rsrc$01....` .......rsrc$02.... ......g.8.n...hu. ...|.6J..:.ZJE..Q............E..Q....p...............H...X...h...............4...............%...........api-ms-win-core-version-l1-1-0.dll.GetFileVersionInfoExW.version.GetFileVersionInfoExW.GetFileVersionInfoSizeExW.version

    C:\Windows\Temp\is-5L66I.tmp\is-E76FA.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.877893209584706
    Encrypted:false
    SSDEEP:
    MD5:8FD9C6465594EF73628B6A86F7A98FBD
    SHA1:41A11898033C8D33F8B04BB86DDA3B6E8A479270
    SHA-256:2A9C1541D0A164491223D52FEC3D4B72AAFD0A147C199DC8BDEDF7998C5FCB52
    SHA-512:DCD7277B7A565F095826A558BD764144998DC52144D1476F13B480F27236D6F3427B7F222E0B0286D3B5443453E38D3545C03BE8C22300DBE33148DDF7C6736A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L......i...........!......................... ...............................0.......$....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.......i........A...T...T..........i........d..................i........$...........RSDS*+bD.K.6...W........api-ms-win-security-lsalookup-l2-1-0.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...*+bD.K.6...W........>`....W....i.......i....................H...`...x...........%..._.......................J...}...................api-ms-win-security-lsalookup-l2-1-0.dll.LookupAccountNameW.advapi32.LookupAccountNameW.LookupAccoun

    C:\Windows\Temp\is-5L66I.tmp\is-EC67U.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):13328
    Entropy (8bit):6.742461872829894
    Encrypted:false
    SSDEEP:
    MD5:D87B51451A6EFBBF135691059292BB40
    SHA1:D2E3F6D30B6AC62C9F356C00598BE6B83CA8D13E
    SHA-256:95366108F386E6FE52ED893824AACD8140C5BB58536B13218B1E47B1AC374D5B
    SHA-512:28BA1845B3EA3808F70FBED6B72F92EB2FF00F2384AF666CD26BD0C30C6E122A9DC6EE82EE543AABF15FEBE0BF5A7F668D6F4CA8000A3110EDB5766B7F549163
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!......................... ...............................0......T.....@......................... ...V............ ..................."..............T............................................................................text...v........................... ..`.rsrc........ ......................@..@................9...T...T...................d...........................$...........RSDS,:..n......Ng.V....api-ms-win-core-synch-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ...V....edata... ..`....rsrc$01....` .......rsrc$02.... ...,:..n......Ng.V...._......................................)...)...H...............Q.......................A...f...................D...x...........D...{...................5...`...................A...q...................?...{...........$...

    C:\Windows\Temp\is-5L66I.tmp\is-F0IEN.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):13320
    Entropy (8bit):6.794839887359121
    Encrypted:false
    SSDEEP:
    MD5:624915257DC0AE06FC9AD0FC03F189AB
    SHA1:29E66D8A59BAF09E92D866A7E877ED8211E58699
    SHA-256:C4B5A08B6FA9BEEE7D9E924AE98A8CF49ED33B09455C5AEAB03FF817C3867E15
    SHA-512:A12423539C990797D2245DA4C88C5F2C6717E53F63686D1E4EAC590A371DCEE6532EA976B7F413EB814D27ECA3E468C5623B50471CE7A3B1AA04889763666A9F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....].#...........!......................... ...............................0.......=....@......................... ...[............ ..................."..............T............................................................................text...{........................... ..`.rsrc........ ......................@..@.....].#........>...T...T........].#........d................].#........$...........RSDSq.nVi...[Z.X........api-ms-win-core-threadpool-l1-2-0.pdb...........T....rdata..T........rdata$zzzdbg... ...[....edata... ..`....rsrc$01....` .......rsrc$02.... ...q.nVi...[Z.X....T:.R........].#.........].#............%...%...H.......p......."...N...............9...k...............:...l...............e...........9...............[...............D...t...............<...~...........S...........>...

    C:\Windows\Temp\is-5L66I.tmp\is-FVT0H.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):12304
    Entropy (8bit):6.783416956509974
    Encrypted:false
    SSDEEP:
    MD5:952B246782E981B220908FF06B14C585
    SHA1:27A7783DB7C31D89422BD619852908F4DC33C184
    SHA-256:22476C5FCC5F45AB99749CB64999CDB6D9D48740CA5424C027C31C4444AD1795
    SHA-512:48A2F78DB4AC0E56EAD47143325D0ADA2FFC4DAEEA9C49E4CFFCD0AE41F9118C5B8A148B4060FCD02BD3C257DE02D3B580AB6E30AE6D731E229E92F31274146D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....$...........!......................... ...............................0............@......................... ...;............ ..................."..............T............................................................................text...[........................... ..`.rsrc........ ......................@..@......$........A...T...T.........$........d.................$........$...........RSDS.p..;....t.+.s......API-MS-Win-Security-LsaPolicy-L1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ...;....edata... ..`....rsrc$01....` .......rsrc$02.... ....p..;....t.+.s..W.t.m....}....$......$....$...............H...........a...............!...Z...................M...u...................H...w...............>...M...~...............L...q...............=.......f...............9...`...

    C:\Windows\Temp\is-5L66I.tmp\is-GV6UC.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11272
    Entropy (8bit):6.915622924294323
    Encrypted:false
    SSDEEP:
    MD5:63AB5FFEE5BA456BBF69865F25D806A1
    SHA1:B148489028C811F85E8B2CD887B787A5ECEFB3AB
    SHA-256:C2BDE7DAAE9E117E2B2DDDDB1B2744A1EB3EC657F34ABC248BC18AB8F2BDDCE4
    SHA-512:CD891A853E325C33BB898DA97019622307C0C98207BBB2C098586EEE9B5858D95E3B4F4B4374265171C21763166C7FD348A453719F92F600C8B7C3A1CF68D8BD
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...-..=...........!......................... ...............................0......~U....@......................... ...Y............ ..................."..............T............................................................................text...y........................... ..`.rsrc........ ......................@..@....-..=........A...T...T.......-..=........d...............-..=........$...........RSDS..X...2.....3.......api-ms-win-service-management-l2-1-0.pdb............T....rdata..T........rdata$zzzdbg... ...Y....edata... ..`....rsrc$01....` .......rsrc$02.... .....X...2.....3.......i.1....Z-..=....-..=....................H...h...............D...}........... ...W...........)...h...............>...................api-ms-win-service-management-l2-1-0.dll.ChangeServiceConfig2W.advapi32.ChangeSe

    C:\Windows\Temp\is-5L66I.tmp\is-H8KK3.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.8102182507195375
    Encrypted:false
    SSDEEP:
    MD5:D0AF7FDB22EF65ECFD861726C10CE489
    SHA1:135FA77423F0893629CFF3CC5197AE9A09579253
    SHA-256:87F17BDC61E71F15B3FE684E239EFB8B39F9EC245010C457517436AEF9C6B364
    SHA-512:79F1DE08AD66ABC93227EB20E93CC7FF6B6A94D4752B1765B43B0A6D551861290E3334480AC46AC84C615D05EB25AEBB4795C2DDCF0830B182DAC800735C5AEA
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....9.H...........!......................... ...............................0...........@......................... ...9............ ..................."..............T............................................................................text...Y........................... ..`.rsrc........ ......................@..@.....9.H........8...T...T........9.H........d................9.H........$...........RSDS....",3..}F........api-ms-win-core-util-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ...9....edata... ..`....rsrc$01....` .......rsrc$02.... .......",3..}F.....$.*}g......9.H.................9.H....z...............H...\...p...................<...................(.............api-ms-win-core-util-l1-1-0.dll.Beep.kernel32.Beep.DecodePointer.kernel32.DecodePointer.DecodeSystemPointer.ke

    C:\Windows\Temp\is-5L66I.tmp\is-I05AI.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.934768861837081
    Encrypted:false
    SSDEEP:
    MD5:26626A6E929F24DEA50E2C6BD7E0DC70
    SHA1:D3D3929081CC94C31E3BC1D5DBACF87F524E91ED
    SHA-256:8C80EDD19A1C61A5306DAF2A20319A8E26575AB2326F261411BE2927821C11C6
    SHA-512:3C9D1BE1A927A606DE9B11CCB9EE6BF3C640B8D4A630A1D3EBB7DB3183B6C169B88D5719AF24539F019C2900178B00E75CAD38E8623073514621E221C4F4E6CD
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L................!......................... ...............................0.......`....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@..............B...T...T.................d.........................$...........RSDS..;......3.......API-MS-Win-Eventing-Controller-L1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .....;......3....*...[!..y............................H...t...............B...t...................=...g...............,...a...................2...Q.............................api-ms-win-eventing-controller-l1-1-0.dll.ControlT

    C:\Windows\Temp\is-5L66I.tmp\is-I1032.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2835 x 2835 px/m, cbSize 26494, bits offset 118
    Category:dropped
    Size (bytes):26494
    Entropy (8bit):1.8878230383101224
    Encrypted:false
    SSDEEP:
    MD5:81822A54876E4173AB681602874D72AB
    SHA1:926670C0C0EF8A0DD94E154E9E01BAC1BDE5F70E
    SHA-256:ED29866F1BD59DC688946C29E0693B2B66D759BECCE80D615167360C28287598
    SHA-512:F84C91EB0EAD717E9ACBA8CDC13E3B6076C14DD79D0AE7ACD1AAA8934902B78D99BA6B4BE7A5E5BD7FB6B6318EAC1CFAEEE4D6B5469E534751F141656022836C
    Malicious:false
    Reputation:unknown
    Preview:BM~g......v...(.......:............g....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Windows\Temp\is-5L66I.tmp\is-I859F.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.809862488138247
    Encrypted:false
    SSDEEP:
    MD5:8A31142AC810277946FAB639806A59CA
    SHA1:01CDB404E093C6462EAD8B2DEF7D785CD98D4833
    SHA-256:34155D2CB648345CEAAB537EC57F0C9A713F193DC7029C9952B2FE5DB748C6FC
    SHA-512:DC54D8063AB00BC5D378FFFCD674DBFB71E8536F0070B85FCE4BA1356511C32934EDF2604E1810FCF1FE7E00D372C0D8397C92537D45DFFA55362E5F1C858225
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....+.............!......................... ...............................0......}.....@.........................0...'............ ..................."..............T............................................................................text...W........................... ..`.rsrc........ ......................@..@.....+..........F...T...T........+..........d................+..........$...........RSDSrh./.v..K.}...'....api-ms-win-core-processenvironment-l1-2-0.pdb...........T....rdata..T........rdata$zzzdbg...0...'....edata... ..`....rsrc$01....` .......rsrc$02.... ...rh./.v..K.}...'.5..7...S9.V.+...................+......v...............X...d...p...........B...........6.........api-ms-win-core-processenvironment-l1-2-0.dll.NeedCurrentDirectoryForExePathA.kernel32.NeedCurrentDirectoryForExeP

    C:\Windows\Temp\is-5L66I.tmp\is-I9PHC.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):12816
    Entropy (8bit):6.739861156153718
    Encrypted:false
    SSDEEP:
    MD5:516064696806C69D13D6E55016A28DB7
    SHA1:04A86A062111725C6887E09D0FD51CB7DCAF35F3
    SHA-256:B37E4BAA6D049C9729412D7C1A9BEB423FC9151AD1076603D57C865617F58C67
    SHA-512:7CB850DAC7A98248118E9CC00A8DBF0BEDB3ED49EF50657D8835B7CDCD72E5BCA37AF7674027B471E2C7F92C4192FC748A258D1DA601BE7CF2A7A0C97CE06D02
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...;..............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text...5........................... ..`.rsrc........ ......................@..@....;...........7...T...T.......;...........d...............;...........$...........RSDS..B..b.QT[.{......api-ms-win-core-url-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .....B..b.QT[.{....C...-.0.;...................;...............&...&...H.......x.......'...L...r...................>...d................... ...E...e................... ...>...[...}................... ...8...W....................... ...........

    C:\Windows\Temp\is-5L66I.tmp\is-ICBSJ.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.806952695180151
    Encrypted:false
    SSDEEP:
    MD5:58C7BD9F4ADA6C7DBDCCE7454B30DA8C
    SHA1:AF4EAEC5E193299D7C30A43EF9E048D0F8BC8E53
    SHA-256:AA7D3968F62147E94ED850FD7576CD55DACF7B089A56CF84CCB6D714479E314B
    SHA-512:E1512F2C72CC9AA18788ED440D3C45366E032EADEC5E18D98FC17F124E5B649025AB7DD4D946CC9921DBB0963B8A52ADD240FB74DAD47B8ECBBB2F24461C18FE
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....P.............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text...;........................... ..`.rsrc........ ......................@..@.....P..........9...T...T........P..........d................P..........$...........RSDS....[.. ..#.\..j....api-ms-win-core-debug-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .......[.. ..#.\..j...].8...&..P...............P......p...............H...X...h...........................................api-ms-win-core-debug-l1-1-0.dll.DebugBreak.kernel32.DebugBreak.IsDebuggerPresent.kernel32.IsDebuggerPresent.OutputDebug

    C:\Windows\Temp\is-5L66I.tmp\is-J3TRQ.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):10768
    Entropy (8bit):6.970579441179733
    Encrypted:false
    SSDEEP:
    MD5:7D62AFC454E0C7C44F8035A731F815C9
    SHA1:B705BF7889807E3A77023B7F2CE235EE26FE8244
    SHA-256:D8EE48656C2D50D22BCCADD91C82699A944CA2C9AF4B81ADB9CC7C72521F34EB
    SHA-512:5AFBA04789E49100213ABBF8E47B7C0AF6D6550BF35C0E82236E9A5D0E2ABEC0F887922743D4BA88D597890DCADFC53632F37CFC7C04B5DDA78DE339CAF4CFDC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....=.N...........!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....=.N........;...T...T........=.N........d................=.N........$...........RSDS$.\`1D.>.....*2....api-ms-win-core-profile-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...$.\`1D.>.....*2..(.m.+....@.=.N.............=.N....\...............H...P...X.......................api-ms-win-core-profile-l1-1-0.dll.QueryPerformanceCounter.kernel32.QueryPerformanceCounter.QueryPerformanceFrequency.kernel32.QueryPerforma

    C:\Windows\Temp\is-5L66I.tmp\is-KNS80.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):10792
    Entropy (8bit):6.939780510131515
    Encrypted:false
    SSDEEP:
    MD5:139D7CB5A5E3354E5235A9CF59EF62E6
    SHA1:F58665967E919889CABAF4BC499E4310F5B13321
    SHA-256:3F063447BDDD9B097C83BD67996E0721FB691D39B438AEA30C8D2626D229D700
    SHA-512:BEA985EB97F4EDEC6E423C6879500B60EB2F29561C32EA5DA6CB365B11751B95BE763BEC80C8AC1D94B4258F688D66A4C38B9E6951AFB804663FE7BBF724D89F
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...S.a............!......................... ...............................0............@......................... ...{............ ..................("..............T............................................................................text............................... ..`.rsrc........ ......................@..@....S.a.........:...T...T.......S.a.........d...............S.a.........$...........RSDS...l)..#.n.3.a.....api-ms-win-core-fibers-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg... ...{....edata... ..`....rsrc$01....` .......rsrc$02.... ......l)..#.n.3.a..J...g@....S.a.............S.a.....R...............H...L...P.......t.....api-ms-win-core-fibers-l1-1-1.dll.IsThreadAFiber.kernel32.IsThreadAFiber..............................................................................

    C:\Windows\Temp\is-5L66I.tmp\is-LH7AK.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.777372334719334
    Encrypted:false
    SSDEEP:
    MD5:E15CFA268B59E863E032226C75BA1B38
    SHA1:BEF9C284A398448648F87887220F7C154FAAB3DC
    SHA-256:4959A91B62F5A1B387C53D9A3F18071A06524E3C04A3E3712F65DDF6A61FA093
    SHA-512:55373E99F210B811CFE3A04843003F6F0CD56AD9959341722A25AACF3A019C6E114AC356F27D647C0688B37DA9F3E168F3D833C37FB5B11FE519B0EE312A0B54
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....u.............!......................... ...............................0......!a....@......................... ................ ..................."..............T............................................................................text...(........................... ..`.rsrc........ ......................@..@.....u..........8...T...T........u..........d................u..........$...........RSDSVd..`...*0..........api-ms-win-core-heap-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...Vd..`...*0......N,.....I.W9.u...................u......................H...............?...b.......................!...K...s.........................../...X...u.......................?...`.......................................................

    C:\Windows\Temp\is-5L66I.tmp\is-MED3Q.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):19472
    Entropy (8bit):6.299875342858988
    Encrypted:false
    SSDEEP:
    MD5:752CB74040D2E6AB365982FC2F3E489B
    SHA1:CC0AE53C48BF163B62E568C815E90220E0F64152
    SHA-256:78B548E687FC423E157EE26823326715FDBB9E362C3248D5CA3CF5092932458F
    SHA-512:135A90E773683C71C9D58A6705EE84E566A55B609BB172612A56C6769E74B206A0F165A86ABEA9BE3E4F46FDB5377AB211A4D4D6FD0A76133FF7BE4A3EA95B66
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L......[...........!.....$...................@...............................P............@.........................0.... ...........@...............*..."..............T............................................................................text...$".......$.................. ..`.rsrc........@.......&..............@..@v......................[........<...d...d..........[........d..................[........$...........RSDS$"^...1h...&........api-ms-win-crt-multibyte-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg...0.... ...edata...@..`....rsrc$01....`@.......rsrc$02.... ...$"^...1h...&....[.'37...e.....[...............[....(...............X...x.......[...........................Q...t...................$...G...l.......................?...b.......................4...W...z...................)...

    C:\Windows\Temp\is-5L66I.tmp\is-N40L8.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):15376
    Entropy (8bit):6.712513617274004
    Encrypted:false
    SSDEEP:
    MD5:67813B708FB1940C51991583EDE1B573
    SHA1:219C55951926376020464F26BF4A0039920B3C50
    SHA-256:A6B55565BC493BCA30F6CB1A221E8909F29A3889970477512063F2BBB6F1507D
    SHA-512:50B4589C6BBA0D90A59AD0DF110B91BC0989DD30CE9B24F290716E261CB244C18D004798A1B98854E4A2362CB437761B4FB95CC5DA462BB3111063B3FF25D79A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....(............!.........................0...............................@...... .....@......................... ................0..................."..............T............................................................................text............................... ..`.rsrc........0......................@..@......(.........B...T...T.........(.........d.................(.........$...........RSDS.>b.U..}....%D......api-ms-win-core-shlwapi-legacy-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata...0..`....rsrc$01....`0.......rsrc$02.... ....>b.U..}....%D..o.|u uTd......(.......(.............X...X...H...................3...U...w...................<...h...................'...I...p...................G...t...............3...U...{...................V..................."...

    C:\Windows\Temp\is-5L66I.tmp\is-NONPG.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.79376092063611
    Encrypted:false
    SSDEEP:
    MD5:F8BCE2FBDEE3321C3317F065A17A3A6D
    SHA1:77382D10C708325C9B13E6512A2536AD4A636260
    SHA-256:36445B1D179776E0B8880E370518BEA8F6999370A4E26D7B4C55E4D5D7C007B0
    SHA-512:CBD4CF2BCE63550478EB7F8F8E255FF5E543A12785033B4E9B47ABEBA5FFA106FAB82F6FC3871839B98765C92FBE347F14D4DA3EC4005E017C8ECDCD3B4D7B94
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....~............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@......~.........>...T...T.........~.........d.................~.........$...........RSDS....)...A.N..R.....api-ms-win-core-rtlsupport-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .......)...A.N..R........;_..}..~...........~.....f...............H...T...`.................................api-ms-win-core-rtlsupport-l1-1-0.dll.RtlCaptureContext.ntdll.RtlCaptureContext.RtlCaptureStackBackTrace.ntdll.RtlCaptureStackBack

    C:\Windows\Temp\is-5L66I.tmp\is-NQ6ER.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.884971278589174
    Encrypted:false
    SSDEEP:
    MD5:8CD04413DC24100189C6472F938A0C4E
    SHA1:B1F0FEA715007740D86D4EFD4B43C45BA0F4EA8A
    SHA-256:498A4C1EC51608A1428E93C508F6FF150508882A229ECB6846C708D728E20DEE
    SHA-512:EB28F86CB5A5B0706A6091C06CEC2BE795206CBDE45BF621BF8C3386DF972F4C7B86B6FD438A8D0D58DC63B1383982C0C46324F024F4D1DDC86ADC24B580F528
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...a..,...........!......................... ...............................0...........@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....a..,........6...T...T.......a..,........d...............a..,........$...........RSDSUrT.....e5.....X....api-ms-win-core-io-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...UrT.....e5.....X.,=W^g....a..,................a..,....................H...d...................?...v.......................+...\.........................api-ms-win-core-io-l1-1-0.dll.CancelIoEx.kernel32.CancelIoEx.CreateIoCompletionPort.kernel

    C:\Windows\Temp\is-5L66I.tmp\is-NS7KP.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.866960261223699
    Encrypted:false
    SSDEEP:
    MD5:9630F69F5D9D625D523F225E6FCDFA02
    SHA1:5FA0848CFF75FF4E1A09633523AB387A645C4ABE
    SHA-256:DADE2907EF76EDCF3642993541BCFEBC2C952FEF12EE6AA192B98600F337E826
    SHA-512:217960DE6E4E2B2BA3329E237C9736EEBDF0A4AD6324C1BC3C5061EBAB3944E47ACEAB2DA4D76681CCF2BF69FDC7EC376AB3AEE478D829F137813BB84F8A4C58
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....D............!......................... ...............................0......h.....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@......D.........C...T...T.........D.........d.................D.........$...........RSDS/.V...d*n...\gR....api-ms-win-core-kernel32-legacy-l1-1-1.pdb..........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... .../.V...d*n...\gRn....l.!...b..D.......D.....................H...........$...b...............K...............#...O...y...................H...................q...............?...h.............................................api-ms-win

    C:\Windows\Temp\is-5L66I.tmp\is-OD80C.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11272
    Entropy (8bit):6.866659370806202
    Encrypted:false
    SSDEEP:
    MD5:3410E14B51450B24F3251A9BBBBD57DB
    SHA1:92D4D123019B4D8CADC0B64B0A6292D6AB50A6C4
    SHA-256:0A8AEBF8C2230A942AC29D7543BB1AA7AF206583118E9EC301E97EA95C3EB283
    SHA-512:6EC5C614B8B80BCE00DDBF304268DC922046D8503B2C5025FF01D906418AA8058F099AFEAAB2FA9E308DAC9CF39D121DBE58E5A06A48D0E5BADAB0BAAB1C301A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....$............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@......$.........C...T...T.........$.........d.................$.........$...........RSDS...0s....1p.jG....api-ms-win-core-string-obsolete-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ......0s....1p.jGm....n.L.....$.......$.....................H...p...................2...O...k...............................(...E...b...}...................................api-ms-win-core-string-obsolete-l1-1-0.dll.lstrcatW.kernel32

    C:\Windows\Temp\is-5L66I.tmp\is-OJ526.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):13320
    Entropy (8bit):6.84550438285237
    Encrypted:false
    SSDEEP:
    MD5:90F649EE98720D9E1285D9452815B86E
    SHA1:6D9BCC9BA9B2D0C8082E663315F11E2C4F2C519B
    SHA-256:C17F6E0D8469EB45C217FA710E3CDA8015B747FE9D8C22236B5FE19069668469
    SHA-512:158847D4BB01E9F82545253A5DA2B0E68470C7F04D98E53C1A1A3F1DCC1E1AFDE48A8AEAE0523152C50EAE3620A011F8E5A69710483A46A4E8D1E1F2CAB000E4
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...BK.............!......................... ...............................0............@......................... ...{............ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....BK..........=...T...T.......BK..........d...............BK..........$...........RSDS..[K..'..UT.tY....API-MS-Win-devices-config-L1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ...{....edata... ..`....rsrc$01....` .......rsrc$02.... .....[K..'..UT.tY.%......O.sNBK..........BK..............&...&...H.......x.......0...o...................i...............Q...............=...y...........;...............?...j...............H...............B...............>...w...........

    C:\Windows\Temp\is-5L66I.tmp\is-PCK64.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11272
    Entropy (8bit):6.909819428741757
    Encrypted:false
    SSDEEP:
    MD5:93A284EA42CFD11FD506A9DA7AEEF476
    SHA1:0E4DAE25F1057A35A590123E18A650CB2378AE68
    SHA-256:EDCFB3DDF7D825FD1DB391E21183A8EC47379DCEA781118B27FD0FC0C2F62C3F
    SHA-512:444BC6C70853D520ED1463F4EF173BAD836A9F4117C3870B76BC21C22D5AE3A7001561E243D2C4CE8950D749D9DF87911131176B7187042E35CB52305C3D25A0
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...X.5............!......................... ...............................0.......l....@......................... ...P............ ..................."..............T............................................................................text...p........................... ..`.rsrc........ ......................@..@....X.5.........>...T...T.......X.5.........d...............X.5.........$...........RSDS... Z....<..}......API-MS-Win-Core-StringAnsi-L1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ...P....edata... ..`....rsrc$01....` .......rsrc$02.... ...... Z....<..}....u.0l...0ZX.5.........X.5.....................H...x...............2...O...l.......................;...\...........(...C...b...}.......................O...........................api-ms-win-core-stringansi-l1-1-0.dll.Ch

    C:\Windows\Temp\is-5L66I.tmp\is-PGMJ9.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):244104
    Entropy (8bit):6.634703408624121
    Encrypted:false
    SSDEEP:
    MD5:8FFFB33F52BE9781285A666F800C6A81
    SHA1:479913B06EAA223999D8342D0DE439D4B78C6ECD
    SHA-256:0AD01F6B1EB2FE2C343BA9FBCFFD92C3577AF9B52E366B2923891F11E8C9A6C2
    SHA-512:2D0B12E4A1426FD5765E6DC1B690504429715B62A511FC3807E865C2197091AD2A1F31AA9091C54BA1AC2199A401405FEED0D8507378696678C4EE44AB540EB8
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........9hZ.W;Z.W;Z.W;...;X.W;S..;P.W;..V:_.W;Z.V;.W;..S:Q.W;..T:].W;..R:..W;..W:[.W;...;[.W;..U:[.W;RichZ.W;........PE..L....._.........."!.........x...............0......................................BQ....@A.............................K..<r...........................#.......+...;..8............................<..@............p..8............................text...L........................... ..`.data....4...0...2..."..............@....idata.......p.......T..............@..@.rsrc................f..............@..@.reloc...+.......,...j..............@..B........................................................................................................................................................................................................................................................................................................................

    C:\Windows\Temp\is-5L66I.tmp\is-PJLAC.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):12816
    Entropy (8bit):6.894908674959833
    Encrypted:false
    SSDEEP:
    MD5:B022E52FAE3EA7DA7B43C8E80CA646A9
    SHA1:CC1FAB36EE81C119AAE9856EBEA2E1735A309B30
    SHA-256:655CE7FCA0959A0EEB39B41DC7BDF3E094558875FB433067B6ABCE1BE34C7C08
    SHA-512:B66390F5F0C9F7950DC1D160F6BB56657117D4C9637A6E40A61C31065FA2D080D3135EAE9EDC584FE34DBBD9663DC291C5D47E841351D3A7A15DD01F73C09A81
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....r.............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....r..........<...T...T........r..........d................r..........$...........RSDSsC.W..>PV.{&. .....api-ms-win-core-registry-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...sC.W..>PV.{&. ..............r...............r..............+...+...H...........&...H...n...................8...`...................;...`.......................A...e...................A...k...................E...p...................4...^...

    C:\Windows\Temp\is-5L66I.tmp\is-Q6BO0.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11280
    Entropy (8bit):6.856580023934296
    Encrypted:false
    SSDEEP:
    MD5:629290683332F2F8958BA55D7F334A65
    SHA1:A3F43A3AEC42BF64B8309356CFD3666C906E44E5
    SHA-256:7E0B13030655FB3F15A8739DD72DF8EDF4142C35C263FFC5B93C73D6E2C6555A
    SHA-512:6F6A189F90915598FC79409E668DA9EF522674CB7BBBFD79E2A16FE2E43CFF59A144D940E3FCCB619CFEAE5ED5E88A1A63AFBFEB55BA8D14B71FA616897588E6
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L...X..;...........!......................... ...............................0.......|....@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@....X..;........A...T...T.......X..;........d...............X..;........$...........RSDS.].~.{.s..z?49.I....api-ms-win-core-errorhandling-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ....].~.{.s..z?49.I....G..;.X..;....X..;....................H...d...................1...T.......................$...G...j.....................api-ms-win-core-errorhandling-l1-1-0.dll.GetErrorMode.kernel32.GetErrorMode.GetLastError.k

    C:\Windows\Temp\is-5L66I.tmp\is-QPS0A.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):13328
    Entropy (8bit):6.852722248472126
    Encrypted:false
    SSDEEP:
    MD5:EEE68EE0F2741C315EC6CD2E4349777B
    SHA1:01C48BDE90352F943E1CD0D09FD67648E24539EA
    SHA-256:9A1CF332B3868EEDADBE00F2C99698DC84D21C759A47C0FFA0E3C3C3940EB931
    SHA-512:1943560F0E0C418518898FAFB4BBBAB6AD7ECA04FE4EFDA6562ECF203D5A9EF7905EA98C454028C1FA640C59FD758F94EF507D08AF1FA02442B9B0FF31D87962
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....]*............!......................... ...............................0............@......................... ................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....]*.........=...T...T........]*.........d................]*.........$...........RSDS*.(4..#.WX.p.5.....API-MS-Win-devices-config-L1-1-1.pdb............T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ...*.(4..#.WX.p.5.....}f)..'W.]*..........]*.............'...'...H...............:...y...............8...s...............[...............G...............E...........#...I...t...............=...............9...{...........H...w...........

    C:\Windows\Temp\is-5L66I.tmp\is-QTR63.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):267656
    Entropy (8bit):6.549449915685145
    Encrypted:false
    SSDEEP:
    MD5:948275A307DDBA050EAAB66448E07D26
    SHA1:E06AB60C66BA361BAF3F3E2EB4B1949587854B0A
    SHA-256:F1D630A5BFD0292502274621CEE911F4BAC2D314795A105F5E8CCC0BFA70C117
    SHA-512:07AFD6FEF2C01E849943D2C9744D2ED813517A667915EC76CD7402786525F181A51967346538820B71B72D4EF46B5576619261BD06DB7C8CDE4D8A83CDBD7667
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........b..1..1..1../1..1s..0..1s..0..1s..0..1s..0..1y.S1..1..1...1s..0..1s..0..1s.C1..1s..0..1Rich..1................PE..L......_.........."!.........................0...............................0.......a....@A........................ ....=...............................#.......W..lJ..8............................J..@............................................text...;........................... ..`.data...(p...0...n..................@....idata..............................@..@.rsrc...............................@..@.reloc...W.......X..................@..B........................................................................................................................................................................................................................................................................................................

    C:\Windows\Temp\is-5L66I.tmp\is-RNJ8M.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11272
    Entropy (8bit):6.854809725044872
    Encrypted:false
    SSDEEP:
    MD5:D6CF0F5B4251F0E81A9E9D5AE6909B72
    SHA1:6A539E0B16BF551271ED1961F0D25FC8222E61F7
    SHA-256:18FC4FD73A983E0260E93DC00B3A52E4F1E86163F07A2EE93DE4BD8CB8C5CE6E
    SHA-512:8736127DA17470F9814A417D3012FF95280DE74E6FC01C8313076F5BFD0752AF718E02E023D541EB1C32780C08FC9CE562E58058E3D4C6FF62A380AD0F5BA3EE
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!......................... ...............................0......-.....@.........................0................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@................L...T...T...................d...........................$...........RSDS....z....8.;..W....API-MS-Win-Core-ProcessTopology-Obsolete-L1-1-0.pdb.........T....rdata..T........rdata$zzzdbg...0........edata... ..`....rsrc$01....` .......rsrc$02.... .......z....8.;..Wd.|.qp.g...S........................................X...l...............C...x...................a.................api-ms-win-core-processtopology-obsolete-l1-1-0.dll.GetActiveProcessorCount.kernel32.GetActive

    C:\Windows\Temp\is-5L66I.tmp\is-RP4UP.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11816
    Entropy (8bit):6.918917710337185
    Encrypted:false
    SSDEEP:
    MD5:342CC089E8DA9E7C67EB8BA14F38528B
    SHA1:75636E7750F0008B6AEF2333869924836E8371B5
    SHA-256:88CB8EFF6DE572B1563A3362F9CE14EAE3714089035D56B9F1C544069A76A81A
    SHA-512:C98F4715282CFC3BFF8EF17D2BA2775F00754F75005ECC7A77A3FCF6E938E6EFD14799E304A0CD185968E1A645A60DDF46EDB10F442BA6AB06C2D29BA2318C7A
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....J\}...........!......................... ...............................0.......N....@......................... ................ ..................("..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....J\}........>...T...T........J\}........d................J\}........$...........RSDS.K.....b3.7"..>X....api-ms-win-service-private-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ....K.....b3.7"..>X..|.g]7.'.6..J\}.........J\}....................H...............p...............\...................:...k...........................M...............=...................&...W...............[...............................

    C:\Windows\Temp\is-5L66I.tmp\is-RSD7C.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):1179328
    Entropy (8bit):6.811217692875725
    Encrypted:false
    SSDEEP:
    MD5:A20AAB46167FFB31E2D1B243E8013F2B
    SHA1:56F7063036D53FD9F47F3551115D7530F18EEDBA
    SHA-256:C5C7468E998B13B6A65788C988C327D6E41924C8355CB47D4348AB8C2D5F5874
    SHA-512:F3630AF6342E4D695DB1C174C0734950125CCBCA2BD2489904F345D95C77F8CD09FFFDB83A2CBB67C75075F676DB270A0105CE5D4ABC88166E60ACECB6BE782D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........>2._\.._\.._\..'.._\.._].)_\..7..._\..7\.._\..7_.._\..7Y.._\..7R..]\..7X.._\..7..._\..7^.._\.Rich._\.................PE..L.....t...........!................................................................i.....@A................................p........0...................J...@..T...P...T...........................p...@...............l............................text...p........................... ..`.data...$...........................@....idata..............................@..@.rsrc........0......................@..@.reloc..T....@......................@..B................................................................................................................................................................................................................................................................................................................

    C:\Windows\Temp\is-5L66I.tmp\is-S1AQH.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):66064
    Entropy (8bit):5.551783470816739
    Encrypted:false
    SSDEEP:
    MD5:6F543D365CDBCF2204A991C70FF487FD
    SHA1:09FF5AC8AA846E116A6EC954D24C4B270FAFE07A
    SHA-256:D2B2DC0B0A6C4984B4A6555389B6726057B3CE45A0584681635FC71729351EC4
    SHA-512:6C1A21C01761A5E40E1E0FB63C04CE43653723092C5B9CE101F295AE2120CDA4E3D869D534709584101A24EC806D557EFA256534DEF9918D9B67298B61AC8A0D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L..................!......................................................................@.........................0...................................."..............T............................................................................text............................... ..`.rsrc...............................@..@v...............................:...d...d...................d...........................$...........RSDS...8.<.....=`4R....api-ms-win-crt-private-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg...0........edata......`....rsrc$01....`........rsrc$02.... ......8.<.....=`4R.......+../.........................>..............X....#...5...?..0?..W?...?...?...?...@..:@..v@...@...@...A..KA..|A...A...A...B..8B..lB...B...B..1C..hC...C...C...C...D..?D..hD...D...D..9E...E...E...E.. F..

    C:\Windows\Temp\is-5L66I.tmp\is-U3JD8.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):10792
    Entropy (8bit):6.973033507803697
    Encrypted:false
    SSDEEP:
    MD5:280B1E903AECFD521A0D37C33EFBB4DE
    SHA1:B56450ACF43B88393F234995637C93A2009C50ED
    SHA-256:7980B7B70031D31889C8CF6C8F7B19CF62A2A18C7DF542B8BD142CD3132115D0
    SHA-512:B3A9699B181ABE0A071B6088ED3E6F8C84F2BC1F663BEBB5C0F1DC5EEB8A9488F91F98EA86A66D45257B44FD27C19020B9A797A1D7E53462B369C2652E7251E6
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....A'............!......................... ...............................0.......e....@......................... ................ ..................("..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....A'.........<...T...T........A'.........d................A'.........$...........RSDS.~..?...4...d&.....api-ms-win-core-shutdown-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ....~..?...4...d&...MB...A[...A'..............A'.....\...............H...P...X.......................api-ms-win-core-shutdown-l1-1-0.dll.AbortSystemShutdownW.advapi32.AbortSystemShutdownW.InitiateSystemShutdownExW.advapi32.InitiateSystemShut

    C:\Windows\Temp\is-5L66I.tmp\is-UB020.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):12808
    Entropy (8bit):6.7676531385701315
    Encrypted:false
    SSDEEP:
    MD5:7637F7E78C00215698C9FAB777F8370A
    SHA1:A21D8C73D809F05DCB909B707319E9CEBFD9874B
    SHA-256:6203596B8374F099639809FAEF7CE094D8C809976BADA2063A1A18069B84AEB3
    SHA-512:6943BA8D4C15E2A3C34612BE836FA6D4AAE073E7C7721818EDBC9B1AF0855342C241B83F34CEB285C239382DFF4278B5B4749CD519B3E436B0FC0D880B3B5740
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L....sI$...........!......................... ...............................0.......o....@......................... ...7............ ..................."..............T............................................................................text...W........................... ..`.rsrc........ ......................@..@.....sI$........<...T...T........sI$........d................sI$........$...........RSDS.....h..xg..........api-ms-win-core-registry-l2-1-0.pdb.........T....rdata..T........rdata$zzzdbg... ...7....edata... ..`....rsrc$01....` .......rsrc$02.... ........h..xg.......!......./..sI$.............sI$............!...!...H.......P...........%...I...x...............4...m...............+...Z...{...............'...Q...................>...e.......................A...............;...`...........

    C:\Windows\Temp\is-5L66I.tmp\is-V78PE.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):11792
    Entropy (8bit):6.788061032804028
    Encrypted:false
    SSDEEP:
    MD5:3701377FBCE6D04E1CDA1278105CD27F
    SHA1:10260265BBEE57826F250EAE17F1CB52B4B7D7ED
    SHA-256:B4EF8189B0645AD7CDE550408317BE161668D4C6A0E7DB2333215C18AF21F3D5
    SHA-512:99BC5B1AD38470EE8CEDB24BF8C980187903B1B463BF77164F6EBC0F53E7DC27BFF7AE461CED82B03B7BD64846C298DB09A739D3D4DEB7378AFD46C5664763DC
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....][...........!......................... ...............................0.......r....@.........................0..."............ ..................."..............T............................................................................text...R........................... ..`.rsrc........ ......................@..@v.....................][........>...d...d.........][........d.................][........$...........RSDS.,.A..\...R..=v....api-ms-win-crt-environment-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg...0..."....edata... ..`....rsrc$01....` .......rsrc$02.... ....,.A..\...R..=v....N..{?M8d..][..........][....................X...........?...c...........................7...S...o.......................'...@...2...U...z...........................I...f....................... ...7...

    C:\Windows\Temp\is-5L66I.tmp\is-VSNQB.tmp

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):13840
    Entropy (8bit):6.696728065270494
    Encrypted:false
    SSDEEP:
    MD5:87F909B473CE38E465421F2AEFA532A9
    SHA1:D14A0ECA0382D289809BCE4B69888C2A09EAF0CA
    SHA-256:BE9897967DC95F9AD2B816D60FE3AC487097B2EE2AB434CD43A4A028C0DDD936
    SHA-512:53949D3402C82131BDC88FE4D21B8AB64B8B3EE2322663639114EE4A30580E6FDD3CFF54914FC3A410FFB82A31ADB17F8752736077FE5BEA4C3A19F498243D5D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.PE..L.....c!...........!......................... ...............................0............@.........................0................ ..................."..............T............................................................................text............................... ..`.rsrc........ ......................@..@v.....................c!........7...d...d.........c!........d.................c!........$...........RSDSTi...:..L?.3".......api-ms-win-crt-time-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg...0........edata... ..`....rsrc$01....` .......rsrc$02.... ...Ti...:..L?.3"...:.}Fc........c!..................c!....(.......H...H...X...x.......P...m.......................,...J...h...........................5...V...t.......................'...K...o......................./...Q...v.......

    C:\Windows\Temp\is-5L66I.tmp\tmp.txt

    Download File
    Process:C:\Windows\System32\cmd.exe
    File Type:ASCII text, with CRLF line terminators
    Category:modified
    Size (bytes):3
    Entropy (8bit):1.584962500721156
    Encrypted:false
    SSDEEP:
    MD5:10400C6FAF166902B52FB97042F1E0EB
    SHA1:D583C3AA489ED954DF3BE71E71DEAE3A9895857E
    SHA-256:DF4E26A04A444901B95AFEF44E4A96CFAE34690FFF2AD2C66389C70079CDFF2B
    SHA-512:B89CF2145F5528FA96FA0E68F7AA6E1FAFE18C9886EC12F6A0CAD20C970A514841F8109E8B2ED1A748A1AFA4C44DD2834667069A165F7DD35532ABE4DB8C5A60
    Malicious:false
    Reputation:unknown
    Preview:2..

    C:\Windows\Temp\is-5L66I.tmp\version.txt

    Download File
    Process:C:\Windows\Temp\is-5L66I.tmp\get_version.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):2
    Entropy (8bit):1.0
    Encrypted:false
    SSDEEP:
    MD5:81051BCC2CF1BEDF378224B0A93E2877
    SHA1:BA8AB5A0280B953AA97435FF8946CBCBB2755A27
    SHA-256:7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
    SHA-512:1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
    Malicious:false
    Reputation:unknown
    Preview:..

    C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp

    Download File
    Process:C:\ProgramData\Temp\gbpcefwr64.exe
    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):3210040
    Entropy (8bit):6.333022315739529
    Encrypted:false
    SSDEEP:
    MD5:6589D4FEDB30987A534406F5785C186A
    SHA1:3DD8A5CCC8CA151AB2E29A2432F86E0DE0B885A6
    SHA-256:E53D83F6FC38D0873CDFE6122D892C60F9D71E54DFCD98641B4159021C3EF6CB
    SHA-512:B3353F6AFFFAF928C770E02A3561AB812141F8E22D5963141987AF67844A37ADD2567AFEB3AAC9D613FF9E9BFF2FAFA49AC6F7DC30E24D08E113B096DC6D2BF6
    Malicious:true
    Reputation:unknown
    Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......c.................L,.........hf,......p,...@...........................1.....YY1...@......@....................-.......-..9....................0.8)...........................................................-.......-......................text.... ,......",................. ..`.itext...(...@,..*...&,............. ..`.data...X....p,......P,.............@....bss.....y....-..........................idata...9....-..:....,.............@....didata.......-.......-.............@....edata........-......*-.............@..@.tls....L.....-..........................rdata..]............,-.............@..@.rsrc.................-.............@..@..............1.......0.............@..@........................................................

    C:\Windows\system32\drivers\wsddfac.sys (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (native) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:E5E1434F9E4F327EE84C9F31B879FC2E
    SHA1:7ECA71AE2A4C0630B1AEEFBD4014A7DF43FAD5EE
    SHA-256:D50617ACC02AA84A7C6D0719CD334030DA1411CD2CA3440941AF081BF4830CB1
    SHA-512:F69E3A00BE6B19DD685DC67678F6D73E5CEA2D17E78DED0A242C12E665FD9F658A0233B082CE07FE6EA450FD3BE0A339605E8031A642841C1526573CEF5A3F78
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........-...~...~...~2......~..A~...~2......~2......~2......~...~...~]......~]..~...~]......~Rich...~................PE..d...W..d.........."......2...8.................@...........................................A...................................................P.......`.......L....^...z......8....C..8............................C..8............@..X............................text....'.......(.................. ..h.rdata..t....@.......,..............@..H.data...x!...P.......8..............@....pdata..L............J..............@..HPAGE.................N.............. ..`INIT.... ............P.............. ..b.rsrc...`............X..............@..B.reloc..8............\..............@..B................................................................................................................................................................................

    C:\Windows\system32\drivers\wsddntf.cat (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:data
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:CCAF68B582F377B5142FA17364EE8811
    SHA1:692DB1E1B652D464F5AD9E155DB3293962A6F828
    SHA-256:FDE3A4406637912C2C5486AF106866F402D2D57F94417C56ACA4FD9D10B95DBD
    SHA-512:6FCECC8C9FBFFF969670CC5F6416466F426435F36FD0565D612196E8E0E92F829D963F0D7356674AEDFD1D19B04E55531FDDD53C066FA653C18847F53E979B72
    Malicious:false
    Reputation:unknown
    Preview:0.)...*.H........).0.)....1.0...`.H.e......0..-..+.....7......0...0...+.....7........{m|E...Y..0..210212133328Z0...+.....7.....0..P0.... e...VE...d.....[.fJ.i&.K...I..01..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0:..+.....7...1,0*...F.i.l.e........w.s.d.d.n.t.f...s.y.s...0]..+.....7...1O0M0...+.....7...0...........010...`.H.e....... e...VE...d.....[.fJ.i&.K...I..00....s...\'.?...>....Ql1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0:..+.....7...1,0*...F.i.l.e........w.s.d.d.n.t.f...s.y.s...0....yfm..@_5......Z.L.$.1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0:..+.....7...1,0*...F.i.l.e........w.s.d.d.n.t.f...i.n.f...0.... ......l.m..;p..G.../0.4....}..1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0:..+.....7...1,0*...F.i.l.e........w.s.d.d.n.t.f...i.n.f...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... ......l.m..;p..G.../0.4....}....0...0....+.....

    C:\Windows\system32\drivers\wsddntf.inf (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:Windows setup INFormation
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:E151A834C596224318A854DC05752E57
    SHA1:79666D9B0A405F35C3C08102EDC55ACB4CDF24F2
    SHA-256:A50FE78CDA1D916CDA6DBF8D3B70C9ABB6470C96ED2F30C834E7F113977DB6F3
    SHA-512:0473DB7FD21897DA90EC1EEF3DFBF1268EA996BE839936E92241D1C911B192B22BA674C93264D2F6F3965426C5B1C12897ED8CFBCC5ABEEF30EEB77E2E617E8E
    Malicious:false
    Reputation:unknown
    Preview:;-------------------------------------------------------------------------..; wsddntf.inf -- WinpkFilter NDIS LWF driver..;..; Copyright (c) NT Kernel Resources. All rights reserved...;-------------------------------------------------------------------------..[version]..Signature = "$Windows NT$"..Class = NetService..ClassGUID = {4D36E974-E325-11CE-BFC1-08002BE10318}..Provider = %Ntkr%..CatalogFile=wsddntf.cat..DriverVer=02/12/2021,3.2.24.1....[Manufacturer]..%Ntkr%=Ntkr,NTx86,NTia64,NTamd64....[Ntkr.NTia64]..%wsddntf_desc%=Install, nt_wsddntf....[Ntkr.NTamd64]..%wsddntf_desc%=Install, nt_wsddntf....[Ntkr.NTx86]..%wsddntf_desc%=Install, nt_wsddntf....;-------------------------------------------------------------------------..; Installation Section..;-------------------------------------------------------------------------..[Install]..AddReg=inst_ndi..Characteristics=0x40000..NetCfgInstanceId="{D84D0128-AE2D-4E27-800A-E030D4EF692D}"..Copyfiles = wsddntf.copyfiles.sys....[Sourc

    C:\Windows\system32\drivers\wsddntf.sys (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (native) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:B9B7FAF000643E516F75C9C990BB3C4F
    SHA1:74F8628C4D3F8A2E54B0C3BFF02B6C3A694323E7
    SHA-256:42CBF711832EAE6603C7802C46813B85BA892FF24667F431850D8339AF830031
    SHA-512:3C2226A18DD437F2E6F32CA09E08D2850B1DDBDCDF6A77E0A950708CABEB643A63EBFBB8825E76D9606291379788ACC4B2358257917D175E1AFC18B81C3841D0
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........e....O...O...OS.O...O...O...OS.O...OS.O...OmY.O...OmY.O...OmY.O...ORich...O................PE..d....."`.........."......l...........f.........@..........................................`....................................................<........................C...........q..8............................r..p............p...............................text...r\.......^.................. ..h.rdata..X....p.......b..............@..H.data...P............j..............@....pdata...............l..............@..HINIT.................p.............. ....rsrc................~..............@..B.reloc..<...........................@..B........................................................................................................................................................................................................................................

    C:\Windows\system32\drivers\wsddpp.sys (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (native) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:8ECD5DDC5E020C660C8D4DEFB2F2F400
    SHA1:26612293F5571E255ECAFB3E137139C8473CBB71
    SHA-256:C58DA77D6640786F2371FFF7F58C681691B7FE75566A3621492814C79CD7D2B1
    SHA-512:3B5B136021FD213D00F454A6A29BF22C033143AF82BA9C03E38B5FDF5A4A7FF0B350722B3B7C9ADAFC05E8C50F1A845EB2A320E90AEB73BAA54B47E0B9EB9BC5
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&.-]bzC.bzC.bzC...D.azC.....`zC...B.azC.bzB.}zC...@.fzC...G.dzC...G.lzC.....czC...A.czC.RichbzC.................PE..d..../Id.........."......*...<......@,.........@....................................{T.....a................................................0...<.......`.......L....R..XQ......0....A..8............................A..8............@...............................text...*#.......$.................. ..h.rdata.......@.......(..............@..H.data...8)...P.......0..............@....pdata..L............B..............@..HINIT.................F.............. ..b.rsrc...`............L..............@..B.reloc..0............P..............@..B........................................................................................................................................................................................................................

    C:\Windows\system32\drivers\wsddprm.sys (copy)

    Download File
    Process:C:\Windows\Temp\is-T0PV4.tmp\gbpcefwr64.tmp
    File Type:PE32+ executable (native) x86-64, for MS Windows
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:8F04FDAA9D5A7942738222A2F30ECB1C
    SHA1:5DB492113F2D1D63C14CBA28ADDD039C0FBD6119
    SHA-256:8D15A834AD6F7C5526A9F9DDE70F52C57CA8E0E9712E626FA281590DF35F140C
    SHA-512:5DBB029DBB6AC15DB2F12E45CDFCA4DF08E103495C2FC6C07EDFA49E8BECA7C92279EBF841A2019B94D20F101F5FB1C470E7C9C7DAC47ACD0D388AE0A492028D
    Malicious:false
    Reputation:unknown
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........@,;s..;s..;s....)~8s......9s....(~<s....-~>s....*~3s..../~>s..;s/.rs....*~5s......:s....,~:s..Rich;s..................PE..d......e.........."......R...:......P0.........@..........................................A................................................0...P....... ....p.......z...Q......D....F..8............................F..8............@..@............................text...L).......*.................. ..h.rdata..X....@......................@..H.data........P.......>..............@....pdata.......p.......F..............@..HPAGE.................L.............. ..`INIT.................j.............. ..b.rsrc... ............t..............@..B.reloc..D............x..............@..B........................................................................................................................................................................

    \Device\ConDrv

    Download File
    Process:C:\Windows\System32\wbem\WMIC.exe
    File Type:ASCII text, with CRLF, CR line terminators
    Category:dropped
    Size (bytes):28
    Entropy (8bit):4.208966082694623
    Encrypted:false
    SSDEEP:
    MD5:F2CE4C29DC78D5906090690C345EAF80
    SHA1:D12E3B86380F0DBEF4FBDFFE2CBFE2144FB7E9CD
    SHA-256:0356A869FC7E6495BAC33303B002935C317166D0EA5D403BE162573CF01055D8
    SHA-512:51F939C41710BC3A4E443CDAF33AAE614B043ACC2382A0C836049E34D2F51C8195FD149548752B33E4EDD4299548BB1957B89997FC640C837C9400D76FEA5B74
    Malicious:false
    Reputation:unknown
    Preview:No Instance(s) Available....

    Static File Info

    General

    File type:Zip archive data, at least v4.5 to extract, compression method=deflate
    Entropy (8bit):7.999957695875341
    TrID:
    • ZIP compressed archive (8000/1) 100.00%
    File name:HABICO116N_2024-04-26_16_58_38.139.zip
    File size:3'903'480 bytes
    MD5:bf6013620744516862c7e1c8b0d661f4
    SHA1:d7100e037f52e2544762678668855129c570ed4f
    SHA256:d1eeaa34979a2fb23e94fbcb608a19af38690551e3c6db3790a55c11d8e701ed
    SHA512:98b7512655492b5f667ba93d7706ec20df49f0285c81b7be50fcd883fce7a6bbfa6408de612d72f82723c2768a5bf65ab7f1aa02d40b040423caaee24365901b
    SSDEEP:98304:+jYJtqPk8X+peQJqOFJ9KpIYTOb/sOAYU+TgK/7C:+j02k8uwBOFZYTsbgAC
    TLSH:2106336CB3FFD8A860D100F3805C7BE384A92D93ED05F7BA3D66315F9A8C85A8511B19
    File Content Preview:PK..-...............;.8.`.....Device/HarddiskVolume3/Users/Habico/AppData/Local/Temp/MicrosoftEdgeDownloads/7fbe5683-d8bf-40f0-a123-f37dcb0001b0/GBPCEF (1).exe....................,.[lps...V..7,.....G..>i.?..yj....3.^W~1/.{..@'n..l....GY.U...8.pw@/N.h..c>P

    File Icon

    Icon Hash:1c1c1e4e4ececedc