606f8db3ecc820d947b2cc2ea9d2048ed26aca40dbef008f7cc38548dc915e5c

Analysis

max time kernel
56s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
31-01-2023 15:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Feather Launcher Setup 1.3.6.exe
Size

99.5MB
MD5

defa7199048743c82fba9e765bdce034
SHA1

fc448aecad6b2d1ae140e05a24844d1647403111
SHA256

606f8db3ecc820d947b2cc2ea9d2048ed26aca40dbef008f7cc38548dc915e5c
SHA512

015700e3e5c3aa20dc6cd134de0290cd3da9bb01dd29fd112d1c3fc460611a1acc50bbbd385d8838bcef299daf9784f876a34276005e7b2f536ba2692276309a
SSDEEP

3145728:xBFkGDvcGa5cXZp2UlOajFq8orFO7Ahhq60XYJMP2ZD:L/vcGa5C20OaR57Ahh9mxeD

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
680	vcredist_x64.exe

Loads dropped DLL 21 IoCs

pid	Process
1252	Feather Launcher Setup 1.3.6.exe
1252	Feather Launcher Setup 1.3.6.exe
1252	Feather Launcher Setup 1.3.6.exe
1252	Feather Launcher Setup 1.3.6.exe
1252	Feather Launcher Setup 1.3.6.exe
1252	Feather Launcher Setup 1.3.6.exe
1252	Feather Launcher Setup 1.3.6.exe
1252	Feather Launcher Setup 1.3.6.exe
1252	Feather Launcher Setup 1.3.6.exe
1252	Feather Launcher Setup 1.3.6.exe
1252	Feather Launcher Setup 1.3.6.exe
1252	Feather Launcher Setup 1.3.6.exe
1272	Process not Found
1272	Process not Found
1272	Process not Found
1272	Process not Found
1272	Process not Found
1272	Process not Found
1272	Process not Found
1272	Process not Found
680	vcredist_x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Feather Launcher\Feather Launcher.exe	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\LICENSES.chromium.html	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\locales\fa.pak	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\locales\mr.pak	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\locales\vi.pak	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\d3dcompiler_47.dll	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\chrome_100_percent.pak	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\locales\fil.pak	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\locales\tr.pak	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\resources\app-update.yml	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\locales\ru.pak	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\chrome_100_percent.pak	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\libEGL.dll	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\Uninstall Feather Launcher.exe	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\locales\pl.pak	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\locales\ru.pak	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\chrome_200_percent.pak	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\chrome_200_percent.pak	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\locales\bn.pak	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\locales\lv.pak	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\LICENSE.electron.txt	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\locales\id.pak	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\locales\nl.pak	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\locales\sl.pak	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\vk_swiftshader_icd.json	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\vulkan-1.dll	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\locales\bg.pak	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\locales\de.pak	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\locales\gu.pak	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\locales\lt.pak	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\resources\app.asar.unpacked\native\cleanup.feather	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\locales\he.pak	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\locales\kn.pak	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\locales\ro.pak	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\locales\sv.pak	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\locales\sw.pak	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\v8_context_snapshot.bin	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\locales\it.pak	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\locales\nb.pak	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\locales\pt-PT.pak	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\locales\ro.pak	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\v8_context_snapshot.bin	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\resources\elevate.exe	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\locales\en-GB.pak	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\locales\es-419.pak	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\locales\nl.pak	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\locales\uk.pak	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\locales\nb.pak	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\locales\ar.pak	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\locales\bn.pak	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\locales\he.pak	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\locales\lv.pak	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\locales\cs.pak	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\locales\hu.pak	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\locales\pt-PT.pak	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\locales\ta.pak	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\locales\zh-TW.pak	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\libEGL.dll	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\locales\en-US.pak	Feather Launcher Setup 1.3.6.exe
File opened for modification	C:\Program Files\Feather Launcher\locales\fi.pak	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\locales\gu.pak	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\locales\hr.pak	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\resources\app.asar.unpacked\native\cleanup.feather	Feather Launcher Setup 1.3.6.exe
File created	C:\Program Files\Feather Launcher\locales\bg.pak	Feather Launcher Setup 1.3.6.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1252	Feather Launcher Setup 1.3.6.exe
1252	Feather Launcher Setup 1.3.6.exe
1252	Feather Launcher Setup 1.3.6.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1252	Feather Launcher Setup 1.3.6.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 680	1252	Feather Launcher Setup 1.3.6.exe	28
PID 1252 wrote to memory of 680	1252	Feather Launcher Setup 1.3.6.exe	28
PID 1252 wrote to memory of 680	1252	Feather Launcher Setup 1.3.6.exe	28
PID 1252 wrote to memory of 680	1252	Feather Launcher Setup 1.3.6.exe	28
PID 1252 wrote to memory of 680	1252	Feather Launcher Setup 1.3.6.exe	28
PID 1252 wrote to memory of 680	1252	Feather Launcher Setup 1.3.6.exe	28
PID 1252 wrote to memory of 680	1252	Feather Launcher Setup 1.3.6.exe	28
PID 680 wrote to memory of 1684	680	vcredist_x64.exe	30
PID 680 wrote to memory of 1684	680	vcredist_x64.exe	30
PID 680 wrote to memory of 1684	680	vcredist_x64.exe	30
PID 680 wrote to memory of 1684	680	vcredist_x64.exe	30
PID 680 wrote to memory of 1684	680	vcredist_x64.exe	30
PID 680 wrote to memory of 1684	680	vcredist_x64.exe	30
PID 680 wrote to memory of 1684	680	vcredist_x64.exe	30

C:\Users\Admin\AppData\Local\Temp\Feather Launcher Setup 1.3.6.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Launcher Setup 1.3.6.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Users\Admin\AppData\Local\Temp\nsy2879.tmp\vcredist_x64.exe
  "C:\Users\Admin\AppData\Local\Temp\nsy2879.tmp\vcredist_x64.exe" /quiet /norestart
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:680
- - C:\Users\Admin\AppData\Local\Temp\nsy2879.tmp\vcredist_x64.exe
    "C:\Users\Admin\AppData\Local\Temp\nsy2879.tmp\vcredist_x64.exe" /quiet /norestart -burn.unelevated BurnPipe.{0AE3A667-F23A-4385-8281-56BFCC2B375E} {E82B21F3-574F-43EC-9AA2-F684C70F7875} 680
    3⤵
    PID:1684

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsy2879.tmp\vcredist_x64.exe

Filesize
6.9MB

MD5
b364dd867258dfc79342e00d57c81bb5

SHA1
c990b86c2f8064c53f1de8c0bffe2d1c463aaa88

SHA256
8588eb697eb2049344e6206d2b66ff63104f1c55e553621ab8ecc504d6b9e9d4

SHA512
d5d5408d7a0bd7731761c601232df77a972592bf027f29771d17fa7b62103b43d98b55516bbf7d45611658a2e477a60ce4cf89a349a85c4abe33186278f4c44f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy2879.tmp\vcredist_x64.exe

Filesize
6.9MB

MD5
b364dd867258dfc79342e00d57c81bb5

SHA1
c990b86c2f8064c53f1de8c0bffe2d1c463aaa88

SHA256
8588eb697eb2049344e6206d2b66ff63104f1c55e553621ab8ecc504d6b9e9d4

SHA512
d5d5408d7a0bd7731761c601232df77a972592bf027f29771d17fa7b62103b43d98b55516bbf7d45611658a2e477a60ce4cf89a349a85c4abe33186278f4c44f

Download Submit
\Program Files\Feather Launcher\Feather Launcher.exe

Filesize
130.1MB

MD5
b7c4f401ca969e3158ddccf742b919a8

SHA1
65da487c721820badc4f9adb6bd0f745a7f57d1d

SHA256
feeb156c0f44f3ea6e7b43e3482d8a763ca77e0eee3be67cc31b70b865ecfa7d

SHA512
16bb8b7220006a7554966a815df684b0555cb9231aa48013e104e127498511b4c3f876b3f7fc925246cda985c79a8d68167eb82813cfbc158df902f7213947e2

Download Submit
\Program Files\Feather Launcher\Feather Launcher.exe

Filesize
130.1MB

MD5
b7c4f401ca969e3158ddccf742b919a8

SHA1
65da487c721820badc4f9adb6bd0f745a7f57d1d

SHA256
feeb156c0f44f3ea6e7b43e3482d8a763ca77e0eee3be67cc31b70b865ecfa7d

SHA512
16bb8b7220006a7554966a815df684b0555cb9231aa48013e104e127498511b4c3f876b3f7fc925246cda985c79a8d68167eb82813cfbc158df902f7213947e2

Download Submit
\Program Files\Feather Launcher\Feather Launcher.exe

Filesize
130.1MB

MD5
b7c4f401ca969e3158ddccf742b919a8

SHA1
65da487c721820badc4f9adb6bd0f745a7f57d1d

SHA256
feeb156c0f44f3ea6e7b43e3482d8a763ca77e0eee3be67cc31b70b865ecfa7d

SHA512
16bb8b7220006a7554966a815df684b0555cb9231aa48013e104e127498511b4c3f876b3f7fc925246cda985c79a8d68167eb82813cfbc158df902f7213947e2

Download Submit
\Program Files\Feather Launcher\Feather Launcher.exe

Filesize
130.1MB

MD5
b7c4f401ca969e3158ddccf742b919a8

SHA1
65da487c721820badc4f9adb6bd0f745a7f57d1d

SHA256
feeb156c0f44f3ea6e7b43e3482d8a763ca77e0eee3be67cc31b70b865ecfa7d

SHA512
16bb8b7220006a7554966a815df684b0555cb9231aa48013e104e127498511b4c3f876b3f7fc925246cda985c79a8d68167eb82813cfbc158df902f7213947e2

Download Submit
\Program Files\Feather Launcher\Feather Launcher.exe

Filesize
130.1MB

MD5
b7c4f401ca969e3158ddccf742b919a8

SHA1
65da487c721820badc4f9adb6bd0f745a7f57d1d

SHA256
feeb156c0f44f3ea6e7b43e3482d8a763ca77e0eee3be67cc31b70b865ecfa7d

SHA512
16bb8b7220006a7554966a815df684b0555cb9231aa48013e104e127498511b4c3f876b3f7fc925246cda985c79a8d68167eb82813cfbc158df902f7213947e2

Download Submit
\Program Files\Feather Launcher\Feather Launcher.exe

Filesize
130.1MB

MD5
b7c4f401ca969e3158ddccf742b919a8

SHA1
65da487c721820badc4f9adb6bd0f745a7f57d1d

SHA256
feeb156c0f44f3ea6e7b43e3482d8a763ca77e0eee3be67cc31b70b865ecfa7d

SHA512
16bb8b7220006a7554966a815df684b0555cb9231aa48013e104e127498511b4c3f876b3f7fc925246cda985c79a8d68167eb82813cfbc158df902f7213947e2

Download Submit
\Program Files\Feather Launcher\Feather Launcher.exe

Filesize
130.1MB

MD5
b7c4f401ca969e3158ddccf742b919a8

SHA1
65da487c721820badc4f9adb6bd0f745a7f57d1d

SHA256
feeb156c0f44f3ea6e7b43e3482d8a763ca77e0eee3be67cc31b70b865ecfa7d

SHA512
16bb8b7220006a7554966a815df684b0555cb9231aa48013e104e127498511b4c3f876b3f7fc925246cda985c79a8d68167eb82813cfbc158df902f7213947e2

Download Submit
\Program Files\Feather Launcher\Feather Launcher.exe

Filesize
130.1MB

MD5
b7c4f401ca969e3158ddccf742b919a8

SHA1
65da487c721820badc4f9adb6bd0f745a7f57d1d

SHA256
feeb156c0f44f3ea6e7b43e3482d8a763ca77e0eee3be67cc31b70b865ecfa7d

SHA512
16bb8b7220006a7554966a815df684b0555cb9231aa48013e104e127498511b4c3f876b3f7fc925246cda985c79a8d68167eb82813cfbc158df902f7213947e2

Download Submit
\Program Files\Feather Launcher\Feather Launcher.exe

Filesize
130.1MB

MD5
b7c4f401ca969e3158ddccf742b919a8

SHA1
65da487c721820badc4f9adb6bd0f745a7f57d1d

SHA256
feeb156c0f44f3ea6e7b43e3482d8a763ca77e0eee3be67cc31b70b865ecfa7d

SHA512
16bb8b7220006a7554966a815df684b0555cb9231aa48013e104e127498511b4c3f876b3f7fc925246cda985c79a8d68167eb82813cfbc158df902f7213947e2

Download Submit
\Program Files\Feather Launcher\Feather Launcher.exe

Filesize
130.1MB

MD5
b7c4f401ca969e3158ddccf742b919a8

SHA1
65da487c721820badc4f9adb6bd0f745a7f57d1d

SHA256
feeb156c0f44f3ea6e7b43e3482d8a763ca77e0eee3be67cc31b70b865ecfa7d

SHA512
16bb8b7220006a7554966a815df684b0555cb9231aa48013e104e127498511b4c3f876b3f7fc925246cda985c79a8d68167eb82813cfbc158df902f7213947e2

Download Submit
\Program Files\Feather Launcher\Feather Launcher.exe

Filesize
130.1MB

MD5
b7c4f401ca969e3158ddccf742b919a8

SHA1
65da487c721820badc4f9adb6bd0f745a7f57d1d

SHA256
feeb156c0f44f3ea6e7b43e3482d8a763ca77e0eee3be67cc31b70b865ecfa7d

SHA512
16bb8b7220006a7554966a815df684b0555cb9231aa48013e104e127498511b4c3f876b3f7fc925246cda985c79a8d68167eb82813cfbc158df902f7213947e2

Download Submit
\Program Files\Feather Launcher\Feather Launcher.exe

Filesize
130.1MB

MD5
b7c4f401ca969e3158ddccf742b919a8

SHA1
65da487c721820badc4f9adb6bd0f745a7f57d1d

SHA256
feeb156c0f44f3ea6e7b43e3482d8a763ca77e0eee3be67cc31b70b865ecfa7d

SHA512
16bb8b7220006a7554966a815df684b0555cb9231aa48013e104e127498511b4c3f876b3f7fc925246cda985c79a8d68167eb82813cfbc158df902f7213947e2

Download Submit
\Users\Admin\AppData\Local\Temp\nsy2879.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsy2879.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsy2879.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsy2879.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsy2879.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsy2879.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsy2879.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
\Users\Admin\AppData\Local\Temp\nsy2879.tmp\vcredist_x64.exe

Filesize
6.9MB

MD5
b364dd867258dfc79342e00d57c81bb5

SHA1
c990b86c2f8064c53f1de8c0bffe2d1c463aaa88

SHA256
8588eb697eb2049344e6206d2b66ff63104f1c55e553621ab8ecc504d6b9e9d4

SHA512
d5d5408d7a0bd7731761c601232df77a972592bf027f29771d17fa7b62103b43d98b55516bbf7d45611658a2e477a60ce4cf89a349a85c4abe33186278f4c44f

Download Submit
\Users\Admin\AppData\Local\Temp\nsy2879.tmp\vcredist_x64.exe

Filesize
6.9MB

MD5
b364dd867258dfc79342e00d57c81bb5

SHA1
c990b86c2f8064c53f1de8c0bffe2d1c463aaa88

SHA256
8588eb697eb2049344e6206d2b66ff63104f1c55e553621ab8ecc504d6b9e9d4

SHA512
d5d5408d7a0bd7731761c601232df77a972592bf027f29771d17fa7b62103b43d98b55516bbf7d45611658a2e477a60ce4cf89a349a85c4abe33186278f4c44f

Download Submit
memory/1252-54-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download