92728090380c9a3d28d44bb5eac3c0527c675798979d02d5d85ddf296076fce0

Analysis

max time kernel
28s
max time network
53s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03-10-2022 19:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e911cde-47d4-4af4-84f8-4657bc577f8a.exe
Size

675.0MB
MD5

59cbf13e42daafef1f261a7fe0e9f330
SHA1

ff94b79ad98737b1ae710360f5998b314342cd4c
SHA256

92728090380c9a3d28d44bb5eac3c0527c675798979d02d5d85ddf296076fce0
SHA512

e20c5277181688746fe8dbc00b03b48b0df94a2e5e13a4251b0774d094ba89ccc623cc3073ea00923d757366e75e62ad7f11a730ce9449d17179cde96335cee4
SSDEEP

12582912:r0MytlNbY7EkSKwCTPsnzVH3KnjmIKPDCImTnDbgka+OsghoM4w9R/WMhUbjXUAL:YYDwCTPUBXyjmIzrMkZHghB4qupXp

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1212	NexViewPlayer.exe

Loads dropped DLL 37 IoCs

pid	Process
1108	4e911cde-47d4-4af4-84f8-4657bc577f8a.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1400	Process not Found
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1212	NexViewPlayer.exe
1032	WerFault.exe
1032	WerFault.exe
1032	WerFault.exe
1032	WerFault.exe
1032	WerFault.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1032	1212	WerFault.exe	27

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 1212	1108	4e911cde-47d4-4af4-84f8-4657bc577f8a.exe	27
PID 1108 wrote to memory of 1212	1108	4e911cde-47d4-4af4-84f8-4657bc577f8a.exe	27
PID 1108 wrote to memory of 1212	1108	4e911cde-47d4-4af4-84f8-4657bc577f8a.exe	27
PID 1212 wrote to memory of 1032	1212	NexViewPlayer.exe	28
PID 1212 wrote to memory of 1032	1212	NexViewPlayer.exe	28
PID 1212 wrote to memory of 1032	1212	NexViewPlayer.exe	28

C:\Users\Admin\AppData\Local\Temp\4e911cde-47d4-4af4-84f8-4657bc577f8a.exe
"C:\Users\Admin\AppData\Local\Temp\4e911cde-47d4-4af4-84f8-4657bc577f8a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\NexViewPlayer.exe
  "C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\NexViewPlayer.exe" --vidfile "C:\Users\Admin\AppData\Local\Temp\4e911cde-47d4-4af4-84f8-4657bc577f8a.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1212
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 1212 -s 1396
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1032

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\CSCore.dll

Filesize
519KB

MD5
94a312a6fcec0e78808bcea3d8ff67f5

SHA1
fe760487d13f9a6f5f359036561105d4aca88a1f

SHA256
e835139171eb0d63b6b4e02b0997cac040c02d295648a275d4c8d28b234c8e94

SHA512
ecdedeee1ee4e35e4fbd2dea3a4dd8b0805166a9610a63affbfb673f2644588eacecba6b3a5a0052c202ab14c321800997512abc318d36a50b00cc86dc83ec1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\GMap.NET.Core.dll

Filesize
2.3MB

MD5
b30385fb1303687abefdb49c3b1a55be

SHA1
dd45d99d943ccdc07a971eabc5ab49712356eda9

SHA256
a84872432a309be7cfdb90e9b359fad448422797edae3d40cedfb913e4e8cabc

SHA512
1f49eecbe4aaa7ffc89865abc9416d139b4fee69138ea8ae4232a7deff9313918fb06331e6762ba40b7ecbc5f04eebb75e97ec29cedcbd40cd618dea294c88f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\GMap.NET.WindowsForms.dll

Filesize
147KB

MD5
feb9a6afe113994dd6b5b6ef190b571a

SHA1
7ff52909c1578cd03886b596bd651dcc772849f5

SHA256
391fb994fa6ada92ad4b46e627a929db12dbd35a96e44f919da117608e1658c4

SHA512
6843509cbca3ced2eebb9b316e06660e22941d14dda7ad0ab89f19e262562ea53cf19cec1500edb85cdbc0f193ffdeb0ed4c659dd8ce027e63c9584adb776e97

Download Submit
C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\NexViewPlayer.exe

Filesize
44KB

MD5
a6707cb06f43eb2357e23a83a78a77d2

SHA1
e82c1fc3f277b59cfb45b0fda7ff437da79dca74

SHA256
a9cfec3a51dfae35230bb040b7a60184f2c63bb3118faa4472ca3294f2607faf

SHA512
31c64e7bc25796500d231ee6a6f1284b58a84dc37654c161d98d728ebc96508c07e91d1bb5eeac4add3aebf27f9bf0217e813573707ab3aab4ecd5b20a5f0a18

Download Submit
C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\NexViewPlayer.exe

Filesize
44KB

MD5
a6707cb06f43eb2357e23a83a78a77d2

SHA1
e82c1fc3f277b59cfb45b0fda7ff437da79dca74

SHA256
a9cfec3a51dfae35230bb040b7a60184f2c63bb3118faa4472ca3294f2607faf

SHA512
31c64e7bc25796500d231ee6a6f1284b58a84dc37654c161d98d728ebc96508c07e91d1bb5eeac4add3aebf27f9bf0217e813573707ab3aab4ecd5b20a5f0a18

Download Submit
C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\SQLite.Interop.dll

Filesize
1.4MB

MD5
be061c3806fd219cbb5cc59933fa832c

SHA1
14b30781a22aaa373ad6841afef5603bd9623ee6

SHA256
57bd20d330834cda1c14a980754581309888d9a86ad9661bf0f3900b8aed1c0b

SHA512
67383936dadddfa5e08c6e659ed255def35677b2096bdf35215c1cc2be1da3a81660ae6782c39e554ee5135eff9dca804d01bb84fd65c9d89258b0e2be18d18f

Download Submit
C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\SharpDX.DXGI.dll

Filesize
144KB

MD5
6ef1660fa72ae938408ccab4d2e1fb1c

SHA1
404c817da3e7d87e0559eb9ce2bf4748ade01f0d

SHA256
b056b7a36a2455921cdfcfb93f98dbd55bc157fe2df0dd23421ea35baec93e83

SHA512
294bfd3e5a8a8b503bd62addb2124927dec60138d06b2ba771b3310a94632b96ed41e80adbad8f0d19ae68ab41f8c7a03160ccb0aa6aa798e448a92c4e3ad979

Download Submit
C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\SharpDX.Direct2D1.dll

Filesize
483KB

MD5
a78511f4eeefcaa3f24acc897d3a0a19

SHA1
ab887d51cfd191a0ded7af22e8815a259ff60ffa

SHA256
54eccc750908a6759c94a2bcc63d11faa5efb592de068a44a4c465805a2df5a5

SHA512
ecfcf6d4390365f02900c5d12846c5f3efb16541ad4805841aae41680289a7f772f69d2c4b0086f7d4325fc412b26748af84b7ab625be7c522cbbd780f180808

Download Submit
C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\SharpDX.Direct3D11.dll

Filesize
276KB

MD5
7e962965b63f0cdcc79e9f7b3aeb03d2

SHA1
dc83be1eabfa0e0b3513b43b041f8ef825b832ee

SHA256
6b877340391410aea1c0657595ba47b1079fc8e76fda1305bec568a494f9c6a9

SHA512
9b1c1e22edf4014546d0ca895e0d171bb926481db7797cc70ebdb67f795de5f69c617fc749f56076a04a1971e4652f864a000c3ee5ae1617e89894983cd6354a

Download Submit
C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\SharpDX.Direct3D9.dll

Filesize
331KB

MD5
f08ebb8c487125ebca8df081f050510b

SHA1
e0a28ba87d3c627a6d5024b97887e28f24fd697e

SHA256
5ee7451bd6d5a59701f0427ab56b58323b56be80af0bb01e62ef1d32e2614451

SHA512
3fffc88b7463a0b4fb580d90e8d8857ecd3de0844b696178b3766138cd899ce79847ccaf844bec58378f863d9745561a3b288af2f4e496248c61bc81cbe1773a

Download Submit
C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\SharpDX.dll

Filesize
269KB

MD5
28f953a0985f1be3f5df7ab776cdca46

SHA1
2dad619e3831253c1699e1bb21a110b8815b9244

SHA256
04a9e6726924f3f29c0c67b979044374c2c251b7a95b0fd43f1d7b237bc50b3e

SHA512
60c4f7809014c2673415ff196f8e9a43758214739c75384e1aa0aae71d04b9b2b530c4f82ca65264961c6b6be3ab4e3a74e94c5e8809d86f577905fcc6bdc6f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\System.Data.SQLite.dll

Filesize
355KB

MD5
fd3874b6c0733eabe7e9c8df6cfb4d6b

SHA1
8f75a506baea72293485bfa3f77d221957011cb2

SHA256
93bb35bb3bc74bfa8016eb335a18fd89a8b3678bd4073108122d5d9af94e655e

SHA512
169a1eb4952f037d6dbd53a9b74e6671770a2c6d000776c497c34586c494f616c3b9325e1fe75fea00bc23268d02a8c5f895bb05290f9d159c8e7d8087d3f80d

Download Submit
C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Common.DataHub.dll

Filesize
66KB

MD5
c652bacea238142c3b1367ba2414bbfc

SHA1
76b33aacf032276f099b10152fed1c32fcb79ce9

SHA256
b7b4d83119e40babffba8a6ab830e365edc797b53e9201f0a2b5b75f1973870f

SHA512
2691aa59bc2409de1729797070ad6db61162d1a38c341e2df2591f11aa7578ac7b277c9e256a89521dcf2f696cfd78dd5591eec1d6e8c7c9baed9780d31d0404

Download Submit
C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Common.dll

Filesize
146KB

MD5
8adb6e36af05f5465bc1e15664ec56f9

SHA1
ef536bff046a611f3baeac124a3f8fc64d3e00c6

SHA256
8b1389d5361fb61f337a279c5e59f573e065e78a894f16d5acb0f9197d49bdb0

SHA512
4f2b8f7a1c67a7b82c6b140047836544e66a98d5bdf7a50db272dadc8a9ca8987f4e36a98035a00898da280056471a1baba6ec771744ffeaabed37cca1892ff6

Download Submit
C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Controls.ImageControl.dll

Filesize
541KB

MD5
fb9fae3cbc5759ae6a8b0c23b77b967a

SHA1
bb6acc4d453097f103a8d9ef3eddeb18b09d4552

SHA256
3c09066a82ffe69edcb2a457cbf09b87e5613f6096d5a55e4237ebc94d1a804a

SHA512
f529e62a965073766defe4a2d6d90e4a0ad5e0f6fd52f010bcdc5693c0e8746066feaae44980ca65bd725ae6422de907952810439fb16de0ccfa3c8d9b869b51

Download Submit
C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Controls.MetaDataDisplay.dll

Filesize
270KB

MD5
5697e00f780532690391a34f77b15937

SHA1
cf58682c13b02855fa176b62a8bbdc46153f0ad8

SHA256
9e7735edba25b738f230b8671378169d68e9bf71710799fd8f4a01191a2346ea

SHA512
f449f3f932b29470dbe303e466f9271035382572e46f9553e4d19a6ac9f4d775908fceb714ab451b3bdc94a13b8bf5af29303e69f07fbc5481215f8d4cca217e

Download Submit
C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Controls.Timeline.dll

Filesize
44KB

MD5
94d9f6dbd2fa9e7e4e706dd941ad4f0e

SHA1
9cfb3be11d647337f7947555c00b38d26d2e5add

SHA256
79c6b7f896927dbd5af96b0c3d5e7f1a9478d1e6a5c0cd547c731638120bf3ad

SHA512
0966387b6a44fa51b1533de55bd966e93c7394bcebe7fefb79656d6ba29771528d12395ea09334b42468a23f777758b7f3dfcc272c6172d3e9cbd3841c26bec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Controls.VideoAudioReview.dll

Filesize
225KB

MD5
d5170094843a3bfb1a9be225788df6b9

SHA1
0d547ec744668f599b616df8ffb5361dc1f049a3

SHA256
106737c4927d75c110713efea384dc5413f07ddd6b7709cbd2d531043258cdf6

SHA512
ea336c2c6b5373f7e5181390320c6a7c0744b26bf8dc3a70ff11068b2735f187d0f0eaab5914ab73071d7b2cd1da7ad57b904d6d7e38fc07aad6295aec77d202

Download Submit
C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Controls.VideoDisplay.dll

Filesize
57KB

MD5
ddc9af9000a6358a29ee8481bcd06f65

SHA1
213850227adc2b9e965b028b9e0b331feab8338e

SHA256
fc7bc66ec97655cbdd24c01be5d90d99d1ddd77e6681fb6ee3f58777c2701d23

SHA512
430260923689cd95af38d932c794dd4c25ff1eedef25f3b5a9bf0c663684f36fd672de361ce65e946d82cf8c5e761d2d92ddaa0774ba5bd6b81dcd6084c1618a

Download Submit
C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Global.dll

Filesize
8KB

MD5
1fe5a2211694255a2f7e4a515bf85da5

SHA1
7668636bafd8a9a8cb5578d6e0c89e9a684e9523

SHA256
71bdaba634863e5c80e9f2f70edb51c9d352180949f8c57e2496bef4b6b8044e

SHA512
f9efee6c2d421e0d7195177fdb8067602e3451e5fc1dc8976ae8e0174bcd46c854085e369d90db26cf8ee83a68b3fb0497fec689f4cab86e36a2436567188200

Download Submit
C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Helper.dll

Filesize
364KB

MD5
1ded367e20f9ed77b8d17a2008654951

SHA1
b154435eb6f82dad54ff14dbc3d8486de71a3df7

SHA256
b12e4e69790631ec525ef2cedf620a99e52194f838dce2cf7510fcc4d0fd0334

SHA512
cb86c0dcf846b0fe200a253515e0f4a4627092e342916d22a98ff8d4d4cd19b8e525bd5e30493e4212c08033634b7e87ba7ddeee50f50ab4506a0419a9acbb8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.R.OEM.dll

Filesize
192KB

MD5
82379e10d545703dfb0e024b856477d3

SHA1
83292598c2eff34040a9665140808eda47f4d5c7

SHA256
b233645f616c585494db9b88c14803103497a2c509041361498cfeab5ea52029

SHA512
3e20b26aa8982cc8364f034767a6564671168617c06e6946b3349af72b9513c880198a4432a2cbc87cee47f8d1a49c6f32ff1033d0f53607047bbc93b0c560d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.R.dll

Filesize
479KB

MD5
58b3580d018b970aaf02e47bb165296b

SHA1
6ca6c1ab45d38f718c5546a2bf980d90fe984210

SHA256
c800478e108b736124c1f5ba1f3d2ef6902ab8c15c7a129e246ec629ba161a67

SHA512
b81c51a9c76e7a51c37cfede8a4109ee298a1b1768321c40789431efb7b66d12489b8a6e216a98d77206a1800554a3c519b2d6c90f5ecd3e1d60b947b4ad16f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Storage.File.dll

Filesize
58KB

MD5
31eb98eee3afb8522bd4488ba7ad5121

SHA1
7d023ab9d44be27efe77fce62a62845ce9ac6ad7

SHA256
c2b56ca5f3ee979772776a8073c2a106427c69f9d7a3a0555c9690cf945776c4

SHA512
94a8b7b6762a42a759f532777ac17768d10c106b0b75f8b8d72d7a150d97d3a076c981b9a7626c903718f5912635f4abfcfd2a254c72fe41d00ac4a4d4f0ddda

Download Submit
C:\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\Xceed.Wpf.Toolkit.dll

Filesize
1.1MB

MD5
77e31ded089e5995f2a2950875c3d393

SHA1
7698e11ae0533cff7edf07bf50e636f74ce28882

SHA256
4bce43cc2a564fffd66d76bd34addc14ee552f753674addf24faf706911d9d16

SHA512
8e15e8379c7a75ec02e0a2da70e91af5ce0580524fa57cfa7602edbe5c890e427c2f1c3524c3b54542155d1796e1463008a838149c3b75a429ebfa8fcc82d03a

Download Submit
\Users\Admin\AppData\Local\GMap.NET\DllCache\SQLite_v84_NET4_x64\System.Data.SQLite.DLL

Filesize
1.2MB

MD5
4fee1e7ec3ee882c08a617305fe5408c

SHA1
9f6d20625bf0a3f2c71486838b87ed8738fda53e

SHA256
387cf86773b9ddfcfd3029cf8512ea6eb33d391254eeedda49ed9afab0b860db

SHA512
4def9d8d32c37ddb065e7c7db7ba3a5b8617ed90c8a96f734e39357ff8c40dc359fb9082c510ecd89a802b72931f29a8c24144035b5242e94ef06fe79dd05bb2

Download Submit
\Users\Admin\AppData\Local\GMap.NET\DllCache\SQLite_v84_NET4_x64\System.Data.SQLite.DLL

Filesize
1.2MB

MD5
4fee1e7ec3ee882c08a617305fe5408c

SHA1
9f6d20625bf0a3f2c71486838b87ed8738fda53e

SHA256
387cf86773b9ddfcfd3029cf8512ea6eb33d391254eeedda49ed9afab0b860db

SHA512
4def9d8d32c37ddb065e7c7db7ba3a5b8617ed90c8a96f734e39357ff8c40dc359fb9082c510ecd89a802b72931f29a8c24144035b5242e94ef06fe79dd05bb2

Download Submit
\Users\Admin\AppData\Local\GMap.NET\DllCache\SQLite_v84_NET4_x64\System.Data.SQLite.DLL

Filesize
1.2MB

MD5
4fee1e7ec3ee882c08a617305fe5408c

SHA1
9f6d20625bf0a3f2c71486838b87ed8738fda53e

SHA256
387cf86773b9ddfcfd3029cf8512ea6eb33d391254eeedda49ed9afab0b860db

SHA512
4def9d8d32c37ddb065e7c7db7ba3a5b8617ed90c8a96f734e39357ff8c40dc359fb9082c510ecd89a802b72931f29a8c24144035b5242e94ef06fe79dd05bb2

Download Submit
\Users\Admin\AppData\Local\GMap.NET\DllCache\SQLite_v84_NET4_x64\System.Data.SQLite.DLL

Filesize
1.2MB

MD5
4fee1e7ec3ee882c08a617305fe5408c

SHA1
9f6d20625bf0a3f2c71486838b87ed8738fda53e

SHA256
387cf86773b9ddfcfd3029cf8512ea6eb33d391254eeedda49ed9afab0b860db

SHA512
4def9d8d32c37ddb065e7c7db7ba3a5b8617ed90c8a96f734e39357ff8c40dc359fb9082c510ecd89a802b72931f29a8c24144035b5242e94ef06fe79dd05bb2

Download Submit
\Users\Admin\AppData\Local\GMap.NET\DllCache\SQLite_v84_NET4_x64\System.Data.SQLite.DLL

Filesize
1.2MB

MD5
4fee1e7ec3ee882c08a617305fe5408c

SHA1
9f6d20625bf0a3f2c71486838b87ed8738fda53e

SHA256
387cf86773b9ddfcfd3029cf8512ea6eb33d391254eeedda49ed9afab0b860db

SHA512
4def9d8d32c37ddb065e7c7db7ba3a5b8617ed90c8a96f734e39357ff8c40dc359fb9082c510ecd89a802b72931f29a8c24144035b5242e94ef06fe79dd05bb2

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\NexViewPlayer.exe

Filesize
44KB

MD5
a6707cb06f43eb2357e23a83a78a77d2

SHA1
e82c1fc3f277b59cfb45b0fda7ff437da79dca74

SHA256
a9cfec3a51dfae35230bb040b7a60184f2c63bb3118faa4472ca3294f2607faf

SHA512
31c64e7bc25796500d231ee6a6f1284b58a84dc37654c161d98d728ebc96508c07e91d1bb5eeac4add3aebf27f9bf0217e813573707ab3aab4ecd5b20a5f0a18

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\NexViewPlayer.exe

Filesize
44KB

MD5
a6707cb06f43eb2357e23a83a78a77d2

SHA1
e82c1fc3f277b59cfb45b0fda7ff437da79dca74

SHA256
a9cfec3a51dfae35230bb040b7a60184f2c63bb3118faa4472ca3294f2607faf

SHA512
31c64e7bc25796500d231ee6a6f1284b58a84dc37654c161d98d728ebc96508c07e91d1bb5eeac4add3aebf27f9bf0217e813573707ab3aab4ecd5b20a5f0a18

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\NexViewPlayer.exe

Filesize
44KB

MD5
a6707cb06f43eb2357e23a83a78a77d2

SHA1
e82c1fc3f277b59cfb45b0fda7ff437da79dca74

SHA256
a9cfec3a51dfae35230bb040b7a60184f2c63bb3118faa4472ca3294f2607faf

SHA512
31c64e7bc25796500d231ee6a6f1284b58a84dc37654c161d98d728ebc96508c07e91d1bb5eeac4add3aebf27f9bf0217e813573707ab3aab4ecd5b20a5f0a18

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\NexViewPlayer.exe

Filesize
44KB

MD5
a6707cb06f43eb2357e23a83a78a77d2

SHA1
e82c1fc3f277b59cfb45b0fda7ff437da79dca74

SHA256
a9cfec3a51dfae35230bb040b7a60184f2c63bb3118faa4472ca3294f2607faf

SHA512
31c64e7bc25796500d231ee6a6f1284b58a84dc37654c161d98d728ebc96508c07e91d1bb5eeac4add3aebf27f9bf0217e813573707ab3aab4ecd5b20a5f0a18

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\NexViewPlayer.exe

Filesize
44KB

MD5
a6707cb06f43eb2357e23a83a78a77d2

SHA1
e82c1fc3f277b59cfb45b0fda7ff437da79dca74

SHA256
a9cfec3a51dfae35230bb040b7a60184f2c63bb3118faa4472ca3294f2607faf

SHA512
31c64e7bc25796500d231ee6a6f1284b58a84dc37654c161d98d728ebc96508c07e91d1bb5eeac4add3aebf27f9bf0217e813573707ab3aab4ecd5b20a5f0a18

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\NexViewPlayer.exe

Filesize
44KB

MD5
a6707cb06f43eb2357e23a83a78a77d2

SHA1
e82c1fc3f277b59cfb45b0fda7ff437da79dca74

SHA256
a9cfec3a51dfae35230bb040b7a60184f2c63bb3118faa4472ca3294f2607faf

SHA512
31c64e7bc25796500d231ee6a6f1284b58a84dc37654c161d98d728ebc96508c07e91d1bb5eeac4add3aebf27f9bf0217e813573707ab3aab4ecd5b20a5f0a18

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\NexViewPlayer.exe

Filesize
44KB

MD5
a6707cb06f43eb2357e23a83a78a77d2

SHA1
e82c1fc3f277b59cfb45b0fda7ff437da79dca74

SHA256
a9cfec3a51dfae35230bb040b7a60184f2c63bb3118faa4472ca3294f2607faf

SHA512
31c64e7bc25796500d231ee6a6f1284b58a84dc37654c161d98d728ebc96508c07e91d1bb5eeac4add3aebf27f9bf0217e813573707ab3aab4ecd5b20a5f0a18

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\SQLite.Interop.dll

Filesize
1.4MB

MD5
be061c3806fd219cbb5cc59933fa832c

SHA1
14b30781a22aaa373ad6841afef5603bd9623ee6

SHA256
57bd20d330834cda1c14a980754581309888d9a86ad9661bf0f3900b8aed1c0b

SHA512
67383936dadddfa5e08c6e659ed255def35677b2096bdf35215c1cc2be1da3a81660ae6782c39e554ee5135eff9dca804d01bb84fd65c9d89258b0e2be18d18f

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Common.DataHub.dll

Filesize
66KB

MD5
c652bacea238142c3b1367ba2414bbfc

SHA1
76b33aacf032276f099b10152fed1c32fcb79ce9

SHA256
b7b4d83119e40babffba8a6ab830e365edc797b53e9201f0a2b5b75f1973870f

SHA512
2691aa59bc2409de1729797070ad6db61162d1a38c341e2df2591f11aa7578ac7b277c9e256a89521dcf2f696cfd78dd5591eec1d6e8c7c9baed9780d31d0404

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Common.DataHub.dll

Filesize
66KB

MD5
c652bacea238142c3b1367ba2414bbfc

SHA1
76b33aacf032276f099b10152fed1c32fcb79ce9

SHA256
b7b4d83119e40babffba8a6ab830e365edc797b53e9201f0a2b5b75f1973870f

SHA512
2691aa59bc2409de1729797070ad6db61162d1a38c341e2df2591f11aa7578ac7b277c9e256a89521dcf2f696cfd78dd5591eec1d6e8c7c9baed9780d31d0404

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Common.dll

Filesize
146KB

MD5
8adb6e36af05f5465bc1e15664ec56f9

SHA1
ef536bff046a611f3baeac124a3f8fc64d3e00c6

SHA256
8b1389d5361fb61f337a279c5e59f573e065e78a894f16d5acb0f9197d49bdb0

SHA512
4f2b8f7a1c67a7b82c6b140047836544e66a98d5bdf7a50db272dadc8a9ca8987f4e36a98035a00898da280056471a1baba6ec771744ffeaabed37cca1892ff6

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Common.dll

Filesize
146KB

MD5
8adb6e36af05f5465bc1e15664ec56f9

SHA1
ef536bff046a611f3baeac124a3f8fc64d3e00c6

SHA256
8b1389d5361fb61f337a279c5e59f573e065e78a894f16d5acb0f9197d49bdb0

SHA512
4f2b8f7a1c67a7b82c6b140047836544e66a98d5bdf7a50db272dadc8a9ca8987f4e36a98035a00898da280056471a1baba6ec771744ffeaabed37cca1892ff6

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Controls.ImageControl.dll

Filesize
541KB

MD5
fb9fae3cbc5759ae6a8b0c23b77b967a

SHA1
bb6acc4d453097f103a8d9ef3eddeb18b09d4552

SHA256
3c09066a82ffe69edcb2a457cbf09b87e5613f6096d5a55e4237ebc94d1a804a

SHA512
f529e62a965073766defe4a2d6d90e4a0ad5e0f6fd52f010bcdc5693c0e8746066feaae44980ca65bd725ae6422de907952810439fb16de0ccfa3c8d9b869b51

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Controls.ImageControl.dll

Filesize
541KB

MD5
fb9fae3cbc5759ae6a8b0c23b77b967a

SHA1
bb6acc4d453097f103a8d9ef3eddeb18b09d4552

SHA256
3c09066a82ffe69edcb2a457cbf09b87e5613f6096d5a55e4237ebc94d1a804a

SHA512
f529e62a965073766defe4a2d6d90e4a0ad5e0f6fd52f010bcdc5693c0e8746066feaae44980ca65bd725ae6422de907952810439fb16de0ccfa3c8d9b869b51

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Controls.MetaDataDisplay.dll

Filesize
270KB

MD5
5697e00f780532690391a34f77b15937

SHA1
cf58682c13b02855fa176b62a8bbdc46153f0ad8

SHA256
9e7735edba25b738f230b8671378169d68e9bf71710799fd8f4a01191a2346ea

SHA512
f449f3f932b29470dbe303e466f9271035382572e46f9553e4d19a6ac9f4d775908fceb714ab451b3bdc94a13b8bf5af29303e69f07fbc5481215f8d4cca217e

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Controls.MetaDataDisplay.dll

Filesize
270KB

MD5
5697e00f780532690391a34f77b15937

SHA1
cf58682c13b02855fa176b62a8bbdc46153f0ad8

SHA256
9e7735edba25b738f230b8671378169d68e9bf71710799fd8f4a01191a2346ea

SHA512
f449f3f932b29470dbe303e466f9271035382572e46f9553e4d19a6ac9f4d775908fceb714ab451b3bdc94a13b8bf5af29303e69f07fbc5481215f8d4cca217e

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Controls.Timeline.dll

Filesize
44KB

MD5
94d9f6dbd2fa9e7e4e706dd941ad4f0e

SHA1
9cfb3be11d647337f7947555c00b38d26d2e5add

SHA256
79c6b7f896927dbd5af96b0c3d5e7f1a9478d1e6a5c0cd547c731638120bf3ad

SHA512
0966387b6a44fa51b1533de55bd966e93c7394bcebe7fefb79656d6ba29771528d12395ea09334b42468a23f777758b7f3dfcc272c6172d3e9cbd3841c26bec6

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Controls.Timeline.dll

Filesize
44KB

MD5
94d9f6dbd2fa9e7e4e706dd941ad4f0e

SHA1
9cfb3be11d647337f7947555c00b38d26d2e5add

SHA256
79c6b7f896927dbd5af96b0c3d5e7f1a9478d1e6a5c0cd547c731638120bf3ad

SHA512
0966387b6a44fa51b1533de55bd966e93c7394bcebe7fefb79656d6ba29771528d12395ea09334b42468a23f777758b7f3dfcc272c6172d3e9cbd3841c26bec6

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Controls.VideoAudioReview.dll

Filesize
225KB

MD5
d5170094843a3bfb1a9be225788df6b9

SHA1
0d547ec744668f599b616df8ffb5361dc1f049a3

SHA256
106737c4927d75c110713efea384dc5413f07ddd6b7709cbd2d531043258cdf6

SHA512
ea336c2c6b5373f7e5181390320c6a7c0744b26bf8dc3a70ff11068b2735f187d0f0eaab5914ab73071d7b2cd1da7ad57b904d6d7e38fc07aad6295aec77d202

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Controls.VideoAudioReview.dll

Filesize
225KB

MD5
d5170094843a3bfb1a9be225788df6b9

SHA1
0d547ec744668f599b616df8ffb5361dc1f049a3

SHA256
106737c4927d75c110713efea384dc5413f07ddd6b7709cbd2d531043258cdf6

SHA512
ea336c2c6b5373f7e5181390320c6a7c0744b26bf8dc3a70ff11068b2735f187d0f0eaab5914ab73071d7b2cd1da7ad57b904d6d7e38fc07aad6295aec77d202

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Controls.VideoDisplay.dll

Filesize
57KB

MD5
ddc9af9000a6358a29ee8481bcd06f65

SHA1
213850227adc2b9e965b028b9e0b331feab8338e

SHA256
fc7bc66ec97655cbdd24c01be5d90d99d1ddd77e6681fb6ee3f58777c2701d23

SHA512
430260923689cd95af38d932c794dd4c25ff1eedef25f3b5a9bf0c663684f36fd672de361ce65e946d82cf8c5e761d2d92ddaa0774ba5bd6b81dcd6084c1618a

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Controls.VideoDisplay.dll

Filesize
57KB

MD5
ddc9af9000a6358a29ee8481bcd06f65

SHA1
213850227adc2b9e965b028b9e0b331feab8338e

SHA256
fc7bc66ec97655cbdd24c01be5d90d99d1ddd77e6681fb6ee3f58777c2701d23

SHA512
430260923689cd95af38d932c794dd4c25ff1eedef25f3b5a9bf0c663684f36fd672de361ce65e946d82cf8c5e761d2d92ddaa0774ba5bd6b81dcd6084c1618a

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Global.dll

Filesize
8KB

MD5
1fe5a2211694255a2f7e4a515bf85da5

SHA1
7668636bafd8a9a8cb5578d6e0c89e9a684e9523

SHA256
71bdaba634863e5c80e9f2f70edb51c9d352180949f8c57e2496bef4b6b8044e

SHA512
f9efee6c2d421e0d7195177fdb8067602e3451e5fc1dc8976ae8e0174bcd46c854085e369d90db26cf8ee83a68b3fb0497fec689f4cab86e36a2436567188200

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Global.dll

Filesize
8KB

MD5
1fe5a2211694255a2f7e4a515bf85da5

SHA1
7668636bafd8a9a8cb5578d6e0c89e9a684e9523

SHA256
71bdaba634863e5c80e9f2f70edb51c9d352180949f8c57e2496bef4b6b8044e

SHA512
f9efee6c2d421e0d7195177fdb8067602e3451e5fc1dc8976ae8e0174bcd46c854085e369d90db26cf8ee83a68b3fb0497fec689f4cab86e36a2436567188200

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Helper.dll

Filesize
364KB

MD5
1ded367e20f9ed77b8d17a2008654951

SHA1
b154435eb6f82dad54ff14dbc3d8486de71a3df7

SHA256
b12e4e69790631ec525ef2cedf620a99e52194f838dce2cf7510fcc4d0fd0334

SHA512
cb86c0dcf846b0fe200a253515e0f4a4627092e342916d22a98ff8d4d4cd19b8e525bd5e30493e4212c08033634b7e87ba7ddeee50f50ab4506a0419a9acbb8f

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Helper.dll

Filesize
364KB

MD5
1ded367e20f9ed77b8d17a2008654951

SHA1
b154435eb6f82dad54ff14dbc3d8486de71a3df7

SHA256
b12e4e69790631ec525ef2cedf620a99e52194f838dce2cf7510fcc4d0fd0334

SHA512
cb86c0dcf846b0fe200a253515e0f4a4627092e342916d22a98ff8d4d4cd19b8e525bd5e30493e4212c08033634b7e87ba7ddeee50f50ab4506a0419a9acbb8f

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.R.OEM.dll

Filesize
192KB

MD5
82379e10d545703dfb0e024b856477d3

SHA1
83292598c2eff34040a9665140808eda47f4d5c7

SHA256
b233645f616c585494db9b88c14803103497a2c509041361498cfeab5ea52029

SHA512
3e20b26aa8982cc8364f034767a6564671168617c06e6946b3349af72b9513c880198a4432a2cbc87cee47f8d1a49c6f32ff1033d0f53607047bbc93b0c560d1

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.R.OEM.dll

Filesize
192KB

MD5
82379e10d545703dfb0e024b856477d3

SHA1
83292598c2eff34040a9665140808eda47f4d5c7

SHA256
b233645f616c585494db9b88c14803103497a2c509041361498cfeab5ea52029

SHA512
3e20b26aa8982cc8364f034767a6564671168617c06e6946b3349af72b9513c880198a4432a2cbc87cee47f8d1a49c6f32ff1033d0f53607047bbc93b0c560d1

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.R.dll

Filesize
479KB

MD5
58b3580d018b970aaf02e47bb165296b

SHA1
6ca6c1ab45d38f718c5546a2bf980d90fe984210

SHA256
c800478e108b736124c1f5ba1f3d2ef6902ab8c15c7a129e246ec629ba161a67

SHA512
b81c51a9c76e7a51c37cfede8a4109ee298a1b1768321c40789431efb7b66d12489b8a6e216a98d77206a1800554a3c519b2d6c90f5ecd3e1d60b947b4ad16f1

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.R.dll

Filesize
479KB

MD5
58b3580d018b970aaf02e47bb165296b

SHA1
6ca6c1ab45d38f718c5546a2bf980d90fe984210

SHA256
c800478e108b736124c1f5ba1f3d2ef6902ab8c15c7a129e246ec629ba161a67

SHA512
b81c51a9c76e7a51c37cfede8a4109ee298a1b1768321c40789431efb7b66d12489b8a6e216a98d77206a1800554a3c519b2d6c90f5ecd3e1d60b947b4ad16f1

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Storage.File.dll

Filesize
58KB

MD5
31eb98eee3afb8522bd4488ba7ad5121

SHA1
7d023ab9d44be27efe77fce62a62845ce9ac6ad7

SHA256
c2b56ca5f3ee979772776a8073c2a106427c69f9d7a3a0555c9690cf945776c4

SHA512
94a8b7b6762a42a759f532777ac17768d10c106b0b75f8b8d72d7a150d97d3a076c981b9a7626c903718f5912635f4abfcfd2a254c72fe41d00ac4a4d4f0ddda

Download Submit
\Users\Admin\AppData\Local\Temp\35xxtaon.3qk\VGN.Storage.File.dll

Filesize
58KB

MD5
31eb98eee3afb8522bd4488ba7ad5121

SHA1
7d023ab9d44be27efe77fce62a62845ce9ac6ad7

SHA256
c2b56ca5f3ee979772776a8073c2a106427c69f9d7a3a0555c9690cf945776c4

SHA512
94a8b7b6762a42a759f532777ac17768d10c106b0b75f8b8d72d7a150d97d3a076c981b9a7626c903718f5912635f4abfcfd2a254c72fe41d00ac4a4d4f0ddda

Download Submit
memory/1032-146-0x0000000000000000-mapping.dmp

Download
memory/1108-55-0x0000000000750000-0x000000000075A000-memory.dmp

Filesize
40KB

Download
memory/1108-56-0x000000001BE16000-0x000000001BE35000-memory.dmp

Filesize
124KB

Download
memory/1108-62-0x000000001BE16000-0x000000001BE35000-memory.dmp

Filesize
124KB

Download
memory/1108-54-0x000000013F3B0000-0x000000013F3BA000-memory.dmp

Filesize
40KB

Download
memory/1212-130-0x000000001E060000-0x000000001E0C0000-memory.dmp

Filesize
384KB

Download
memory/1212-137-0x000000001D3E0000-0x000000001D40C000-memory.dmp

Filesize
176KB

Download
memory/1212-123-0x000000001C4B0000-0x000000001C4FA000-memory.dmp

Filesize
296KB

Download
memory/1212-89-0x0000000000660000-0x000000000066A000-memory.dmp

Filesize
40KB

Download
memory/1212-121-0x000000001BFD0000-0x000000001C02A000-memory.dmp

Filesize
360KB

Download
memory/1212-91-0x000000001BD90000-0x000000001BE16000-memory.dmp

Filesize
536KB

Download
memory/1212-88-0x0000000000660000-0x000000000066A000-memory.dmp

Filesize
40KB

Download
memory/1212-128-0x000000001C950000-0x000000001C964000-memory.dmp

Filesize
80KB

Download
memory/1212-119-0x000000001C430000-0x000000001C4B0000-memory.dmp

Filesize
512KB

Download
memory/1212-109-0x000000001B9E0000-0x000000001BA28000-memory.dmp

Filesize
288KB

Download
memory/1212-95-0x0000000000920000-0x0000000000932000-memory.dmp

Filesize
72KB

Download
memory/1212-86-0x000000001B960000-0x000000001B9DC000-memory.dmp

Filesize
496KB

Download
memory/1212-133-0x000000001CA20000-0x000000001CA45000-memory.dmp

Filesize
148KB

Download
memory/1212-82-0x0000000000170000-0x0000000000186000-memory.dmp

Filesize
88KB

Download
memory/1212-135-0x0000000021A80000-0x0000000021CDC000-memory.dmp

Filesize
2.4MB

Download
memory/1212-90-0x000000001BED6000-0x000000001BEF5000-memory.dmp

Filesize
124KB

Download
memory/1212-78-0x0000000000A50000-0x0000000000A8C000-memory.dmp

Filesize
240KB

Download
memory/1212-74-0x00000000008E0000-0x0000000000914000-memory.dmp

Filesize
208KB

Download
memory/1212-117-0x000000001BFA0000-0x000000001BFCA000-memory.dmp

Filesize
168KB

Download
memory/1212-140-0x0000000022740000-0x000000002287F000-memory.dmp

Filesize
1.2MB

Download
memory/1212-99-0x0000000000150000-0x0000000000160000-memory.dmp

Filesize
64KB

Download
memory/1212-70-0x0000000000590000-0x00000000005BA000-memory.dmp

Filesize
168KB

Download
memory/1212-66-0x0000000000160000-0x0000000000166000-memory.dmp

Filesize
24KB

Download
memory/1212-144-0x0000000000660000-0x000000000066A000-memory.dmp

Filesize
40KB

Download
memory/1212-145-0x000000001BED6000-0x000000001BEF5000-memory.dmp

Filesize
124KB

Download
memory/1212-115-0x000000001BF50000-0x000000001BF9C000-memory.dmp

Filesize
304KB

Download
memory/1212-113-0x000000001BE20000-0x000000001BEAC000-memory.dmp

Filesize
560KB

Download
memory/1212-61-0x000000013FEC0000-0x000000013FED0000-memory.dmp

Filesize
64KB

Download
memory/1212-58-0x0000000000000000-mapping.dmp

Download
memory/1212-103-0x000000001B170000-0x000000001B1D0000-memory.dmp

Filesize
384KB

Download
memory/1212-105-0x000000001D2B0000-0x000000001D3D2000-memory.dmp

Filesize
1.1MB

Download