f15224e3e325ad3dadc32bc673a01de87ad11476fccd52ff8543f8deec7f715d

Analysis

max time kernel
156s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
08/03/2023, 03:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SteelSeriesGG33.0.0Setup.exe
Size

269.6MB
MD5

79e8c9b0116f24190399de55f0df12da
SHA1

5de0056922e6f195968f120209019d8680761056
SHA256

f15224e3e325ad3dadc32bc673a01de87ad11476fccd52ff8543f8deec7f715d
SHA512

2c25ab3a20d5286752f222edefb14034709c490a177b3e2a05e28278be63f7598869aeab763047a3236da8a35d578d47a5cc7b5ae3367d44fe54f6304843bae6
SSDEEP

6291456:XLRtDDI7tbCY7t7bgQXBfGTNeJWME9gj8NHgqETKrACzV7F:FtstbN7tpuZ8/w9PV

Score

8^/10

evasion upx

Malware Config

Signatures

Stops running service(s) 3 TTPs
evasion

Modify Existing Service
T1031

Impair Defenses
T1562

Service Stop
T1489

ACProtect 1.3x - 1.4x DLL software 17 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x0006000000022fa3-310.dat	acprotect
behavioral2/files/0x0006000000022fa3-550.dat	acprotect
behavioral2/files/0x0006000000022fa3-549.dat	acprotect
behavioral2/files/0x0006000000022fa3-552.dat	acprotect
behavioral2/files/0x0006000000022fa3-555.dat	acprotect
behavioral2/files/0x0006000000022fa3-558.dat	acprotect
behavioral2/files/0x0006000000022fa3-561.dat	acprotect
behavioral2/files/0x0006000000022fa3-564.dat	acprotect
behavioral2/files/0x0006000000022fa3-567.dat	acprotect
behavioral2/files/0x0006000000022fa3-570.dat	acprotect
behavioral2/files/0x0006000000022fa3-573.dat	acprotect
behavioral2/files/0x0006000000022fa3-576.dat	acprotect
behavioral2/files/0x0006000000022fa3-579.dat	acprotect
behavioral2/files/0x0006000000022fa3-582.dat	acprotect
behavioral2/files/0x0006000000022fa3-585.dat	acprotect
behavioral2/files/0x0006000000022fa3-588.dat	acprotect
behavioral2/files/0x0006000000022fa3-591.dat	acprotect

Executes dropped EXE 4 IoCs

pid	Process
4572	dxsetup.exe
2348	infinst.exe
4240	infinst.exe
1560	infinst.exe

Loads dropped DLL 64 IoCs

pid	Process
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe

UPX packed file 17 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0006000000022fa3-310.dat	upx
behavioral2/files/0x0006000000022fa3-550.dat	upx
behavioral2/files/0x0006000000022fa3-549.dat	upx
behavioral2/files/0x0006000000022fa3-552.dat	upx
behavioral2/files/0x0006000000022fa3-555.dat	upx
behavioral2/files/0x0006000000022fa3-558.dat	upx
behavioral2/files/0x0006000000022fa3-561.dat	upx
behavioral2/files/0x0006000000022fa3-564.dat	upx
behavioral2/files/0x0006000000022fa3-567.dat	upx
behavioral2/files/0x0006000000022fa3-570.dat	upx
behavioral2/files/0x0006000000022fa3-573.dat	upx
behavioral2/files/0x0006000000022fa3-576.dat	upx
behavioral2/files/0x0006000000022fa3-579.dat	upx
behavioral2/files/0x0006000000022fa3-582.dat	upx
behavioral2/files/0x0006000000022fa3-585.dat	upx
behavioral2/files/0x0006000000022fa3-588.dat	upx
behavioral2/files/0x0006000000022fa3-591.dat	upx

Drops file in System32 directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\SET66DE.tmp	infinst.exe
File created	C:\Windows\system32\SET66DE.tmp	infinst.exe
File opened for modification	C:\Windows\system32\SET67F7.tmp	infinst.exe
File created	C:\Windows\system32\SET67F7.tmp	infinst.exe
File opened for modification	C:\Windows\system32\D3DCompiler_43.dll	infinst.exe
File opened for modification	C:\Windows\system32\xinput1_3.dll	infinst.exe
File opened for modification	C:\Windows\system32\SET68C2.tmp	infinst.exe
File created	C:\Windows\system32\SET68C2.tmp	infinst.exe
File opened for modification	C:\Windows\system32\d3dx11_43.dll	infinst.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\SteelSeries\GG\apps\engine\deviceSpecifications\apex_3_tkl.edevice	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\deviceSpecifications\rival-105.edevice	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272110262\firmware-arctis-1x-tx-v1.6.0.ff	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272111111\firmware-apex-m500-0x015.bin	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\cvgamesense\api-ms-win-core-heap-l1-1-0.dll	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\cvgamesense\cvevent\games\rocket_league\gamepkg.json	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\assets\gradient_transparent_white.png	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\deviceSpecifications\aerox_5_wireless_destiny_2_mouse.edevice	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\deviceSpecifications\msi-ge76-klc-disco.edevice	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\deviceSpecifications\siberia-840.edevice	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272110294\firmware-arctis-7p-rx-v1.1.0.ef	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\locales\ar.pak	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272111144\firmware-apex-pro-tkl-1.9.2.bin	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\assets\sprite.shader	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\deviceSpecifications\kinzu-v3-mouse_base.edevice	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\deviceSpecifications\prime_mini_wireless_shared.edevice	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272111638\version.json	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\deviceSpecifications\msi-gs77-klc.edevice	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\deviceSpecifications\msi-steelseries-gaming-kb-gp76.edevice	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\deviceSpecifications\prime.edevice	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272111662\firmware-prime-v1.0.15+4244c08.bin	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\cvgamesense\cvevent\games\overwatch\gamepkg.json	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\deviceSpecifications\msi-gs63.edevice	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272110322\version.json	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272111122\layout.bin	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272111390\firmware-rival-310-howl-1.24-B136.bin	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272111408\firmware-rival710-0.114.bin	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272113666\version.json	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\deviceSpecifications\arctis_nova_pro_v2.edevice	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\deviceSpecifications\base_apex_2022_mini_layout_lighting.edevice	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272110876\version.json	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272111392\secondary-firmware-rival-310-1.17-B108.bin	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272114176\version.json	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\deviceSpecifications\apex-mech.edevice	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272110144\version.json	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272111632\firmware-rival-300s-0x39.bin	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\deviceSpecifications\sims4-headset.edevice	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272110872\version.json	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272111372\firmware-rival-100-0x065.bin	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272111664\version.json	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272114188\firmware_arctis_7_plus_rx_1.13.bin	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\cvgamesense\api-ms-win-core-processthreads-l1-1-1.dll	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\locales\sr.pak	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\localization\en_US.json	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\deviceSpecifications\apex-m750.edevice	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272111710\version.json	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\configurationMigrations\apex_pro_tkl_wireless.migration	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\deviceSpecifications\sensei-raw-optical-rgb.edevice	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272112133\fw-arena-9-5680-2.2.17.bin	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\cvgamesense\api-ms-win-core-profile-l1-1-0.dll	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\deviceSpecifications\prime_r6.edevice	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\deviceSpecifications\rival-700.edevice	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\deviceSpecifications\guildwars2-mouse.edevice	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\deviceSpecifications\rival-106.edevice	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\driver\legacy\Win10\amd64\sttube.cat	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272109884\version.json	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272110096\firmware-d3h-15.03.03.bin	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272111128\keyboard-app.bin	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272111156\version.json	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\moments\beta\gsdk.dll	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\sonar\driver\apoDriverPackage\DnnProcessor.dll	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\deviceSpecifications\aerox-3.edevice	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272111120\keyboard-app.bin	SteelSeriesGG33.0.0Setup.exe
File created	C:\Program Files\SteelSeries\GG\apps\engine\firmware\272111403\firmware-rival-650-wireless-1.26-B313.bin	SteelSeriesGG33.0.0Setup.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Logs\DirectX.log	dxsetup.exe
File opened for modification	C:\Windows\DirectX.log	infinst.exe
File opened for modification	C:\Windows\Logs\DirectX.log	infinst.exe
File opened for modification	C:\Windows\Logs\DirectX.log	infinst.exe

Launches sc.exe 2 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
3896	sc.exe
1096	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000206f4107d723b55a0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000206f41070000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3f000000ffffffff000000000700010000680900206f4107000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000206f410700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000206f410700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe

Enumerates processes with tasklist 1 TTPs 2 IoCs

Process Discovery

T1057

pid	Process
1328	tasklist.exe
3268	tasklist.exe

Kills process with taskkill 21 IoCs

evasion

pid	Process
2476	taskkill.exe
2080	taskkill.exe
4408	taskkill.exe
5016	taskkill.exe
4028	taskkill.exe
448	taskkill.exe
860	taskkill.exe
1660	taskkill.exe
5096	taskkill.exe
980	taskkill.exe
3520	taskkill.exe
1656	taskkill.exe
2612	taskkill.exe
4648	taskkill.exe
4860	taskkill.exe
2244	taskkill.exe
1588	taskkill.exe
4544	taskkill.exe
2796	taskkill.exe
4996	taskkill.exe
2212	taskkill.exe

Suspicious behavior: EnumeratesProcesses 36 IoCs

pid	Process
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe
1452	SteelSeriesGG33.0.0Setup.exe

Suspicious use of AdjustPrivilegeToken 38 IoCs

description	pid	Process
Token: SeDebugPrivilege	1660	taskkill.exe
Token: SeDebugPrivilege	1328	tasklist.exe
Token: SeDebugPrivilege	5096	taskkill.exe
Token: SeDebugPrivilege	3268	tasklist.exe
Token: SeDebugPrivilege	1656	taskkill.exe
Token: SeDebugPrivilege	4544	taskkill.exe
Token: SeDebugPrivilege	980	taskkill.exe
Token: SeDebugPrivilege	2796	taskkill.exe
Token: SeDebugPrivilege	2476	taskkill.exe
Token: SeDebugPrivilege	2612	taskkill.exe
Token: SeDebugPrivilege	4996	taskkill.exe
Token: SeDebugPrivilege	3520	taskkill.exe
Token: SeDebugPrivilege	5016	taskkill.exe
Token: SeDebugPrivilege	2080	taskkill.exe
Token: SeDebugPrivilege	4028	taskkill.exe
Token: SeDebugPrivilege	4408	taskkill.exe
Token: SeDebugPrivilege	4648	taskkill.exe
Token: SeDebugPrivilege	448	taskkill.exe
Token: SeDebugPrivilege	2212	taskkill.exe
Token: SeDebugPrivilege	2244	taskkill.exe
Token: SeDebugPrivilege	1588	taskkill.exe
Token: SeDebugPrivilege	860	taskkill.exe
Token: SeDebugPrivilege	4860	taskkill.exe
Token: SeBackupPrivilege	436	robocopy.exe
Token: SeRestorePrivilege	436	robocopy.exe
Token: SeSecurityPrivilege	436	robocopy.exe
Token: SeTakeOwnershipPrivilege	436	robocopy.exe
Token: SeBackupPrivilege	1408	vssvc.exe
Token: SeRestorePrivilege	1408	vssvc.exe
Token: SeAuditPrivilege	1408	vssvc.exe
Token: SeBackupPrivilege	2200	srtasks.exe
Token: SeRestorePrivilege	2200	srtasks.exe
Token: SeSecurityPrivilege	2200	srtasks.exe
Token: SeTakeOwnershipPrivilege	2200	srtasks.exe
Token: SeBackupPrivilege	2200	srtasks.exe
Token: SeRestorePrivilege	2200	srtasks.exe
Token: SeSecurityPrivilege	2200	srtasks.exe
Token: SeTakeOwnershipPrivilege	2200	srtasks.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1452 wrote to memory of 1660	1452	SteelSeriesGG33.0.0Setup.exe	93
PID 1452 wrote to memory of 1660	1452	SteelSeriesGG33.0.0Setup.exe	93
PID 1452 wrote to memory of 1660	1452	SteelSeriesGG33.0.0Setup.exe	93
PID 1452 wrote to memory of 4692	1452	SteelSeriesGG33.0.0Setup.exe	95
PID 1452 wrote to memory of 4692	1452	SteelSeriesGG33.0.0Setup.exe	95
PID 1452 wrote to memory of 4692	1452	SteelSeriesGG33.0.0Setup.exe	95
PID 4692 wrote to memory of 1328	4692	cmd.exe	97
PID 4692 wrote to memory of 1328	4692	cmd.exe	97
PID 4692 wrote to memory of 1328	4692	cmd.exe	97
PID 4692 wrote to memory of 1620	4692	cmd.exe	98
PID 4692 wrote to memory of 1620	4692	cmd.exe	98
PID 4692 wrote to memory of 1620	4692	cmd.exe	98
PID 1452 wrote to memory of 5096	1452	SteelSeriesGG33.0.0Setup.exe	99
PID 1452 wrote to memory of 5096	1452	SteelSeriesGG33.0.0Setup.exe	99
PID 1452 wrote to memory of 5096	1452	SteelSeriesGG33.0.0Setup.exe	99
PID 1452 wrote to memory of 1208	1452	SteelSeriesGG33.0.0Setup.exe	101
PID 1452 wrote to memory of 1208	1452	SteelSeriesGG33.0.0Setup.exe	101
PID 1452 wrote to memory of 1208	1452	SteelSeriesGG33.0.0Setup.exe	101
PID 1208 wrote to memory of 3268	1208	cmd.exe	103
PID 1208 wrote to memory of 3268	1208	cmd.exe	103
PID 1208 wrote to memory of 3268	1208	cmd.exe	103
PID 1208 wrote to memory of 1456	1208	cmd.exe	104
PID 1208 wrote to memory of 1456	1208	cmd.exe	104
PID 1208 wrote to memory of 1456	1208	cmd.exe	104
PID 1452 wrote to memory of 1656	1452	SteelSeriesGG33.0.0Setup.exe	105
PID 1452 wrote to memory of 1656	1452	SteelSeriesGG33.0.0Setup.exe	105
PID 1452 wrote to memory of 1656	1452	SteelSeriesGG33.0.0Setup.exe	105
PID 1452 wrote to memory of 4544	1452	SteelSeriesGG33.0.0Setup.exe	107
PID 1452 wrote to memory of 4544	1452	SteelSeriesGG33.0.0Setup.exe	107
PID 1452 wrote to memory of 4544	1452	SteelSeriesGG33.0.0Setup.exe	107
PID 1452 wrote to memory of 980	1452	SteelSeriesGG33.0.0Setup.exe	109
PID 1452 wrote to memory of 980	1452	SteelSeriesGG33.0.0Setup.exe	109
PID 1452 wrote to memory of 980	1452	SteelSeriesGG33.0.0Setup.exe	109
PID 1452 wrote to memory of 2796	1452	SteelSeriesGG33.0.0Setup.exe	111
PID 1452 wrote to memory of 2796	1452	SteelSeriesGG33.0.0Setup.exe	111
PID 1452 wrote to memory of 2796	1452	SteelSeriesGG33.0.0Setup.exe	111
PID 1452 wrote to memory of 2476	1452	SteelSeriesGG33.0.0Setup.exe	113
PID 1452 wrote to memory of 2476	1452	SteelSeriesGG33.0.0Setup.exe	113
PID 1452 wrote to memory of 2476	1452	SteelSeriesGG33.0.0Setup.exe	113
PID 1452 wrote to memory of 2612	1452	SteelSeriesGG33.0.0Setup.exe	115
PID 1452 wrote to memory of 2612	1452	SteelSeriesGG33.0.0Setup.exe	115
PID 1452 wrote to memory of 2612	1452	SteelSeriesGG33.0.0Setup.exe	115
PID 1452 wrote to memory of 4996	1452	SteelSeriesGG33.0.0Setup.exe	117
PID 1452 wrote to memory of 4996	1452	SteelSeriesGG33.0.0Setup.exe	117
PID 1452 wrote to memory of 4996	1452	SteelSeriesGG33.0.0Setup.exe	117
PID 1452 wrote to memory of 3520	1452	SteelSeriesGG33.0.0Setup.exe	119
PID 1452 wrote to memory of 3520	1452	SteelSeriesGG33.0.0Setup.exe	119
PID 1452 wrote to memory of 3520	1452	SteelSeriesGG33.0.0Setup.exe	119
PID 1452 wrote to memory of 5016	1452	SteelSeriesGG33.0.0Setup.exe	121
PID 1452 wrote to memory of 5016	1452	SteelSeriesGG33.0.0Setup.exe	121
PID 1452 wrote to memory of 5016	1452	SteelSeriesGG33.0.0Setup.exe	121
PID 1452 wrote to memory of 2080	1452	SteelSeriesGG33.0.0Setup.exe	123
PID 1452 wrote to memory of 2080	1452	SteelSeriesGG33.0.0Setup.exe	123
PID 1452 wrote to memory of 2080	1452	SteelSeriesGG33.0.0Setup.exe	123
PID 1452 wrote to memory of 4028	1452	SteelSeriesGG33.0.0Setup.exe	125
PID 1452 wrote to memory of 4028	1452	SteelSeriesGG33.0.0Setup.exe	125
PID 1452 wrote to memory of 4028	1452	SteelSeriesGG33.0.0Setup.exe	125
PID 1452 wrote to memory of 4408	1452	SteelSeriesGG33.0.0Setup.exe	127
PID 1452 wrote to memory of 4408	1452	SteelSeriesGG33.0.0Setup.exe	127
PID 1452 wrote to memory of 4408	1452	SteelSeriesGG33.0.0Setup.exe	127
PID 1452 wrote to memory of 4648	1452	SteelSeriesGG33.0.0Setup.exe	129
PID 1452 wrote to memory of 4648	1452	SteelSeriesGG33.0.0Setup.exe	129
PID 1452 wrote to memory of 4648	1452	SteelSeriesGG33.0.0Setup.exe	129
PID 1452 wrote to memory of 448	1452	SteelSeriesGG33.0.0Setup.exe	131

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\SteelSeriesGG33.0.0Setup.exe
"C:\Users\Admin\AppData\Local\Temp\SteelSeriesGG33.0.0Setup.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1452
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /t /im "SteelSeriesGG.exe"
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1660
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /nh /fi "imagename eq SteelSeriesGG.exe" | find /i "SteelSeriesGG.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4692
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /nh /fi "imagename eq SteelSeriesGG.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1328
- - C:\Windows\SysWOW64\find.exe
    find /i "SteelSeriesGG.exe"
    3⤵
    PID:1620
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /t /im "SteelSeriesGGMain.exe"
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:5096
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /nh /fi "imagename eq SteelSeriesGGMain.exe" | find /i "SteelSeriesGGMain.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1208
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /nh /fi "imagename eq SteelSeriesGGMain.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:3268
- - C:\Windows\SysWOW64\find.exe
    find /i "SteelSeriesGGMain.exe"
    3⤵
    PID:1456
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /IM SteelSeriesGG.exe /T /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1656
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /IM SteelSeriesGGMain.exe /T /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4544
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /IM SteelSeriesEngine.exe /T /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:980
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /IM SteelSeriesEngine3.exe /T /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2796
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /IM SteelSeriesGGClient.exe /T /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2476
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /IM SteelSeriesEngine3Client.exe /T /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2612
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /IM SSOverlay.exe /T /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4996
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /IM SteelSeriesEngine.exe /T /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3520
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /IM gamesense-discord-x64.exe /T /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:5016
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /IM AudioSync.exe /T /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2080
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /IM runStatsElevated.exe /T /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4028
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /IM SteelSeriesCaptureSvc.exe /T /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4408
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /IM moments.exe /T /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4648
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /IM SteelSeriesCVGameSense.exe /T /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:448
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /IM SteelSeriesSonar.exe /T /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2212
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /IM SteelSeriesPrism.exe /T /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2244
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /IM SteelSeriesPrismSync.exe /T /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1588
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /IM SteelSeries3DATLauncher.exe /T /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:860
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /IM 3dat.exe /T /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4860
- C:\Windows\SysWOW64\sc.exe
  sc stop SteelSeriesUpdateService
  2⤵
  - Launches sc.exe
  PID:3896
- C:\Windows\SysWOW64\sc.exe
  sc delete SteelSeriesUpdateService
  2⤵
  - Launches sc.exe
  PID:1096
- C:\Windows\SysWOW64\robocopy.exe
  robocopy /e /copy:DATSO "C:\Program Files\SteelSeries\GG\apps\engine\html" "C:\Program Files\SteelSeries\GG\apps\moments\html"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:436
- C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\steelseriesengine-dxredist\dxsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\steelseriesengine-dxredist\dxsetup.exe" /silent
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  PID:4572
- - C:\Users\Admin\AppData\Local\Temp\DX6279.tmp\infinst.exe
    C:\Users\Admin\AppData\Local\Temp\DX6279.tmp\infinst.exe xinput1_3_x64.inf, Install_Driver
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Drops file in Windows directory
    PID:2348
- - C:\Users\Admin\AppData\Local\Temp\DX6279.tmp\infinst.exe
    C:\Users\Admin\AppData\Local\Temp\DX6279.tmp\infinst.exe d3dx11_43_x64.inf
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Drops file in Windows directory
    PID:4240
- - C:\Users\Admin\AppData\Local\Temp\DX6279.tmp\infinst.exe
    C:\Users\Admin\AppData\Local\Temp\DX6279.tmp\infinst.exe D3DCompiler_43_x64.inf
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Drops file in Windows directory
    PID:1560

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:1408

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2200

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\SteelSeries\GG\apps\engine\firmware\272110330\firmware_arctis_nova_pro_v2_5680_v2.4.0.bin

Filesize
1024KB

MD5
03f02e1c9c38a1d2a2df88fba8a2cab1

SHA1
cd07d934f207a2daf071020bcf6ee4f36ca88e4d

SHA256
66a00c474b95865027c6ed871423f6bccff65ebbdfe38dc1e2878827f99ff458

SHA512
b653ef86d405828e32b011ea3057f53b266f6331c572fa7f35eaae22f60be74b3cd1921c66eea289b487059701fadc0767c19140ded369b9d4835bf15cfae673

Download Submit
C:\Program Files\SteelSeries\GG\apps\engine\firmware\272110480\firmware-hots-V114.bin

Filesize
13KB

MD5
6f140144b9e446aac91a0eacad66cce0

SHA1
68a5af16f748f77e9326d2525b3861902ed0678f

SHA256
02cdfc4c962c50ff721238ba7e3a0dd5b4ce1120ee4cb13b940fbb329d5cd673

SHA512
6095c006eff131fc17a9b19d6058cec06d4426968e89a7725bf6848f9376d89936bbec84cfeecd17f0acd3b5a8a3bfbea1a82551ee02062af7fd4e3ee6921ab9

Download Submit
C:\Program Files\SteelSeries\GG\apps\engine\firmware\272110874\firmware-qck_prism_cloth_5xl-1.2.bin

Filesize
16KB

MD5
d7e6dcd2424212d26b5d733cd943957a

SHA1
76e2ebfb3758dd5ff7b6007ab396ebc2eb131777

SHA256
8b680eeb4b44aedf43b6ad976b7d3e3ced0112a1c9ca9534ffd849aa9010ddb6

SHA512
7c19d0c08ae123d1fea35c3f0b3cecd2331d32df0613ff4ac99bcfde278d8e426f05ca9099cd3f0e1229c22647ae20290223526df4a80d96afe9b77ee047c8da

Download Submit
C:\Program Files\SteelSeries\GG\apps\engine\firmware\272111132\layout.bin

Filesize
1024B

MD5
265c4584c3ee3cb9a6052d08b2d06115

SHA1
811a216e30527ab47b46ce9b259312d2f656414c

SHA256
add6333f1aa90dd30a3b442f7ebf28ee538d0e0ea33733f4811f765948106cd8

SHA512
4c2777ee7314ee08ab0ce9d68b791d97dc4215968cae0e8175d79f78328cf3e334b0917fd2c7a70f98a2b8d3c37dcfe516861b0838e56743143ee45494945dcc

Download Submit
C:\Program Files\SteelSeries\GG\apps\engine\firmware\272111403\secondary-firmware-rival-650-wireless-1.24-B308.bin

Filesize
3KB

MD5
337254c54ad82c689d4b9a58d06a3cf6

SHA1
df1abbdf37e68bad3ca4885e81d27339512e7ab5

SHA256
5ed8294c32dac12b2a5afe916c23fdd3627571cf6152347a9336cb965b2ee50a

SHA512
a5cea0b2f7225c8c61e17b7e2ca6353d83925a6c5b8f2935f431507ff1341f460627bc853a8dd050ddf09e17aff945eeccdabc1eb07214e093de5f4673f7656e

Download Submit
C:\ProgramData\SteelSeries\GG\apps\moments\db\dbconf.yml

Filesize
70B

MD5
9635209063be99ad291c6d0340ff534d

SHA1
f1efcfd4a8fe48c3206d7caf63c86f27340f41ca

SHA256
ac873a3afbb84d3d8c7e617f7d91a9b14fe1edb36ea49798503cdf914680857c

SHA512
eeb31307308b1f95c73cc273267b98d06f86175e438ed656fbc26d5876bc5fa2b11a5b596e037433c6611109574148f48ac036cde23b19666e8a68b9e2597d56

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX6279.tmp\JUN2010_D3DCompiler_43_x64.inf

Filesize
830B

MD5
6494a3b568760c8248b42d2b6e4df657

SHA1
700f27ee4c74e9b9914f80b067079e09ec7c6a7f

SHA256
3e779533a273e3395109c7efac13ba1c804c01b3ddb16938406fbdf90d851216

SHA512
2bf68b123d7823ad7182e132d9e55f8de7580229e8e1b3b40030da50bb9bdeaf67bb9727ce2171fa83b7f804c24d9728ffabb44cb5017b16b771bb19e62b1b42

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX6279.tmp\JUN2010_d3dx11_43_x64.inf

Filesize
815B

MD5
590fe1ea1837b4bfb80dc8cb09e7815f

SHA1
792b5b0521c34c6b723a379dd6b3acf82f8afb1f

SHA256
2c4cf75b76203cba6378693668c8c00b564871c8bfd7fbda01e1e841477b2a3b

SHA512
80bee8f1ad5bfaba6b3ac5a39302a1427dbaa5919d76c89b279dc753170ec443924eadf454746ce331a6682ee729ab79bd390a5d3b55db8d08fd6f4869101f53

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX6279.tmp\apr2007_xinput_x64.inf

Filesize
860B

MD5
94563a3b9affb41d2bfd41a94b81e08d

SHA1
17cad981ef428e132aa1d571e0c77091e750e0dd

SHA256
0d6e1c0e961d878b319ac30d3439056883448dcf26774003b73920f3377ecac8

SHA512
53cac179d7e11c74772e7b9bd7dd94ffbc810cfc25e28326e4d0844f3f59fd10d9089b44a88358ac6dbd09fb8b456a0937778f78ecc442645764f693ccd620b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX6279.tmp\dxupdate.dll

Filesize
173KB

MD5
7ed554b08e5b69578f9de012822c39c9

SHA1
036d04513e134786b4758def5aff83d19bf50c6e

SHA256
fb4f297e295c802b1377c6684734b7249d55743dfb7c14807bef59a1b5db63a2

SHA512
7af5f9c4a3ad5c120bcdd681b958808ada4d885d21aeb4a009a36a674ad3ece9b51837212a982db6142a6b5580e5b68d46971b802456701391ce40785ae6ebd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX6279.tmp\dxupdate.inf

Filesize
12KB

MD5
e6a74342f328afa559d5b0544e113571

SHA1
a08b053dfd061391942d359c70f9dd406a968b7d

SHA256
93f5589499ee4ee2812d73c0d8feacbbcfe8c47b6d98572486bc0eff3c5906ca

SHA512
1e35e5bdff1d551da6c1220a1a228c657a56a70dedf5be2d9273fc540f9c9f0bb73469595309ea1ff561be7480ee92d16f7acbbd597136f4fc5f9b8b65ecdfad

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX6279.tmp\infinst.exe

Filesize
81KB

MD5
a7ba8b723b327985ded1152113970819

SHA1
50be557a29f3d2d7300b71ab0ed4831669edd848

SHA256
8c62fe8466d9a24a0f1924de37b05d672a826454804086cddc7ed87c020e67ff

SHA512
60702f08fb621bf256b1032e572a842a141cf4219b22f98b27cb1da058b19b44cc37fb8386019463a7469961ca71f48a3347aaf1c74c3636e38d2aea3bca9967

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\AccessControl.dll

Filesize
8KB

MD5
65d017ba65785b43720de6c9979a2e8c

SHA1
0aed2846e1b338077bae5a7f756c345a5c90d8a9

SHA256
ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac

SHA512
31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\AccessControl.dll

Filesize
8KB

MD5
65d017ba65785b43720de6c9979a2e8c

SHA1
0aed2846e1b338077bae5a7f756c345a5c90d8a9

SHA256
ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac

SHA512
31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\AccessControl.dll

Filesize
8KB

MD5
65d017ba65785b43720de6c9979a2e8c

SHA1
0aed2846e1b338077bae5a7f756c345a5c90d8a9

SHA256
ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac

SHA512
31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\AccessControl.dll

Filesize
8KB

MD5
65d017ba65785b43720de6c9979a2e8c

SHA1
0aed2846e1b338077bae5a7f756c345a5c90d8a9

SHA256
ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac

SHA512
31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\AccessControl.dll

Filesize
8KB

MD5
65d017ba65785b43720de6c9979a2e8c

SHA1
0aed2846e1b338077bae5a7f756c345a5c90d8a9

SHA256
ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac

SHA512
31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\AccessControl.dll

Filesize
8KB

MD5
65d017ba65785b43720de6c9979a2e8c

SHA1
0aed2846e1b338077bae5a7f756c345a5c90d8a9

SHA256
ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac

SHA512
31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\AccessControl.dll

Filesize
8KB

MD5
65d017ba65785b43720de6c9979a2e8c

SHA1
0aed2846e1b338077bae5a7f756c345a5c90d8a9

SHA256
ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac

SHA512
31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\AccessControl.dll

Filesize
8KB

MD5
65d017ba65785b43720de6c9979a2e8c

SHA1
0aed2846e1b338077bae5a7f756c345a5c90d8a9

SHA256
ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac

SHA512
31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\AccessControl.dll

Filesize
8KB

MD5
65d017ba65785b43720de6c9979a2e8c

SHA1
0aed2846e1b338077bae5a7f756c345a5c90d8a9

SHA256
ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac

SHA512
31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\AccessControl.dll

Filesize
8KB

MD5
65d017ba65785b43720de6c9979a2e8c

SHA1
0aed2846e1b338077bae5a7f756c345a5c90d8a9

SHA256
ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac

SHA512
31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\AccessControl.dll

Filesize
8KB

MD5
65d017ba65785b43720de6c9979a2e8c

SHA1
0aed2846e1b338077bae5a7f756c345a5c90d8a9

SHA256
ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac

SHA512
31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\AccessControl.dll

Filesize
8KB

MD5
65d017ba65785b43720de6c9979a2e8c

SHA1
0aed2846e1b338077bae5a7f756c345a5c90d8a9

SHA256
ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac

SHA512
31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\AccessControl.dll

Filesize
8KB

MD5
65d017ba65785b43720de6c9979a2e8c

SHA1
0aed2846e1b338077bae5a7f756c345a5c90d8a9

SHA256
ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac

SHA512
31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\AccessControl.dll

Filesize
8KB

MD5
65d017ba65785b43720de6c9979a2e8c

SHA1
0aed2846e1b338077bae5a7f756c345a5c90d8a9

SHA256
ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac

SHA512
31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\AccessControl.dll

Filesize
8KB

MD5
65d017ba65785b43720de6c9979a2e8c

SHA1
0aed2846e1b338077bae5a7f756c345a5c90d8a9

SHA256
ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac

SHA512
31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\AccessControl.dll

Filesize
8KB

MD5
65d017ba65785b43720de6c9979a2e8c

SHA1
0aed2846e1b338077bae5a7f756c345a5c90d8a9

SHA256
ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac

SHA512
31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\AccessControl.dll

Filesize
8KB

MD5
65d017ba65785b43720de6c9979a2e8c

SHA1
0aed2846e1b338077bae5a7f756c345a5c90d8a9

SHA256
ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac

SHA512
31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\ExecDos.dll

Filesize
6KB

MD5
774e3b33d151413dc826bf2421cd51e8

SHA1
ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

SHA256
91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

SHA512
3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\LangDLL.dll

Filesize
5KB

MD5
014a3be4a7c1ccb217916dbf4f222bd1

SHA1
9b4c41eb0e84886beb5591d8357155e27f9c68ed

SHA256
09acfc5ee34a1dfa1af3a9d34f00c3b1327b56641feebd536e13752349c08ac8

SHA512
0f3d1bf548e29a136150b699665a3f22c6ea2821701737363fa2920b51c391d735f1eae92dea8af655e7d07304bd3d06e4aff3f5a82fa22bcf5d1690013eb922

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\LinkerCb.dll

Filesize
7KB

MD5
cf9d98b6d76b5c1eaa5a466c72cc67b5

SHA1
075d504e63dc6b2cc78f73eb6f417a891ed5564f

SHA256
8faf638b633cc3a69c149434256782598e4884500e32e2f1b2328d210766eb69

SHA512
252dcd511d556bb65462401883b721e1cc36f5624758804ac366806edc6f7b7dcb2e89c929a1d6692cec4adaf18e1cbc3953b576255ee190efdbcacabcc9b91d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\Processes.dll

Filesize
49KB

MD5
138869ba3c86d7546f8c24e424dcd114

SHA1
db7f3227a7671ac9fb2fd017eca10e390cae2a8c

SHA256
71630aea3eef367f9a88bafb6ad3511a3bc7dcc4995e9eb84b09f8f777b22d65

SHA512
85a94b8fc6e0497a21a4d982e62405725b4d18a0a3c65f5f58b40e93bedd8bea5103f6ac9baff7bd3c93d4f08e0eb24f2c4e0e24dc346c231b87deeb725e1230

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\Processes.dll

Filesize
49KB

MD5
138869ba3c86d7546f8c24e424dcd114

SHA1
db7f3227a7671ac9fb2fd017eca10e390cae2a8c

SHA256
71630aea3eef367f9a88bafb6ad3511a3bc7dcc4995e9eb84b09f8f777b22d65

SHA512
85a94b8fc6e0497a21a4d982e62405725b4d18a0a3c65f5f58b40e93bedd8bea5103f6ac9baff7bd3c93d4f08e0eb24f2c4e0e24dc346c231b87deeb725e1230

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\Processes.dll

Filesize
49KB

MD5
138869ba3c86d7546f8c24e424dcd114

SHA1
db7f3227a7671ac9fb2fd017eca10e390cae2a8c

SHA256
71630aea3eef367f9a88bafb6ad3511a3bc7dcc4995e9eb84b09f8f777b22d65

SHA512
85a94b8fc6e0497a21a4d982e62405725b4d18a0a3c65f5f58b40e93bedd8bea5103f6ac9baff7bd3c93d4f08e0eb24f2c4e0e24dc346c231b87deeb725e1230

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\Processes.dll

Filesize
49KB

MD5
138869ba3c86d7546f8c24e424dcd114

SHA1
db7f3227a7671ac9fb2fd017eca10e390cae2a8c

SHA256
71630aea3eef367f9a88bafb6ad3511a3bc7dcc4995e9eb84b09f8f777b22d65

SHA512
85a94b8fc6e0497a21a4d982e62405725b4d18a0a3c65f5f58b40e93bedd8bea5103f6ac9baff7bd3c93d4f08e0eb24f2c4e0e24dc346c231b87deeb725e1230

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\Processes.dll

Filesize
49KB

MD5
138869ba3c86d7546f8c24e424dcd114

SHA1
db7f3227a7671ac9fb2fd017eca10e390cae2a8c

SHA256
71630aea3eef367f9a88bafb6ad3511a3bc7dcc4995e9eb84b09f8f777b22d65

SHA512
85a94b8fc6e0497a21a4d982e62405725b4d18a0a3c65f5f58b40e93bedd8bea5103f6ac9baff7bd3c93d4f08e0eb24f2c4e0e24dc346c231b87deeb725e1230

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\Processes.dll

Filesize
49KB

MD5
138869ba3c86d7546f8c24e424dcd114

SHA1
db7f3227a7671ac9fb2fd017eca10e390cae2a8c

SHA256
71630aea3eef367f9a88bafb6ad3511a3bc7dcc4995e9eb84b09f8f777b22d65

SHA512
85a94b8fc6e0497a21a4d982e62405725b4d18a0a3c65f5f58b40e93bedd8bea5103f6ac9baff7bd3c93d4f08e0eb24f2c4e0e24dc346c231b87deeb725e1230

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\Processes.dll

Filesize
49KB

MD5
138869ba3c86d7546f8c24e424dcd114

SHA1
db7f3227a7671ac9fb2fd017eca10e390cae2a8c

SHA256
71630aea3eef367f9a88bafb6ad3511a3bc7dcc4995e9eb84b09f8f777b22d65

SHA512
85a94b8fc6e0497a21a4d982e62405725b4d18a0a3c65f5f58b40e93bedd8bea5103f6ac9baff7bd3c93d4f08e0eb24f2c4e0e24dc346c231b87deeb725e1230

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\Processes.dll

Filesize
49KB

MD5
138869ba3c86d7546f8c24e424dcd114

SHA1
db7f3227a7671ac9fb2fd017eca10e390cae2a8c

SHA256
71630aea3eef367f9a88bafb6ad3511a3bc7dcc4995e9eb84b09f8f777b22d65

SHA512
85a94b8fc6e0497a21a4d982e62405725b4d18a0a3c65f5f58b40e93bedd8bea5103f6ac9baff7bd3c93d4f08e0eb24f2c4e0e24dc346c231b87deeb725e1230

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\Processes.dll

Filesize
49KB

MD5
138869ba3c86d7546f8c24e424dcd114

SHA1
db7f3227a7671ac9fb2fd017eca10e390cae2a8c

SHA256
71630aea3eef367f9a88bafb6ad3511a3bc7dcc4995e9eb84b09f8f777b22d65

SHA512
85a94b8fc6e0497a21a4d982e62405725b4d18a0a3c65f5f58b40e93bedd8bea5103f6ac9baff7bd3c93d4f08e0eb24f2c4e0e24dc346c231b87deeb725e1230

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\Processes.dll

Filesize
49KB

MD5
138869ba3c86d7546f8c24e424dcd114

SHA1
db7f3227a7671ac9fb2fd017eca10e390cae2a8c

SHA256
71630aea3eef367f9a88bafb6ad3511a3bc7dcc4995e9eb84b09f8f777b22d65

SHA512
85a94b8fc6e0497a21a4d982e62405725b4d18a0a3c65f5f58b40e93bedd8bea5103f6ac9baff7bd3c93d4f08e0eb24f2c4e0e24dc346c231b87deeb725e1230

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\Processes.dll

Filesize
49KB

MD5
138869ba3c86d7546f8c24e424dcd114

SHA1
db7f3227a7671ac9fb2fd017eca10e390cae2a8c

SHA256
71630aea3eef367f9a88bafb6ad3511a3bc7dcc4995e9eb84b09f8f777b22d65

SHA512
85a94b8fc6e0497a21a4d982e62405725b4d18a0a3c65f5f58b40e93bedd8bea5103f6ac9baff7bd3c93d4f08e0eb24f2c4e0e24dc346c231b87deeb725e1230

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\Processes.dll

Filesize
49KB

MD5
138869ba3c86d7546f8c24e424dcd114

SHA1
db7f3227a7671ac9fb2fd017eca10e390cae2a8c

SHA256
71630aea3eef367f9a88bafb6ad3511a3bc7dcc4995e9eb84b09f8f777b22d65

SHA512
85a94b8fc6e0497a21a4d982e62405725b4d18a0a3c65f5f58b40e93bedd8bea5103f6ac9baff7bd3c93d4f08e0eb24f2c4e0e24dc346c231b87deeb725e1230

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\Processes.dll

Filesize
49KB

MD5
138869ba3c86d7546f8c24e424dcd114

SHA1
db7f3227a7671ac9fb2fd017eca10e390cae2a8c

SHA256
71630aea3eef367f9a88bafb6ad3511a3bc7dcc4995e9eb84b09f8f777b22d65

SHA512
85a94b8fc6e0497a21a4d982e62405725b4d18a0a3c65f5f58b40e93bedd8bea5103f6ac9baff7bd3c93d4f08e0eb24f2c4e0e24dc346c231b87deeb725e1230

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\Processes.dll

Filesize
49KB

MD5
138869ba3c86d7546f8c24e424dcd114

SHA1
db7f3227a7671ac9fb2fd017eca10e390cae2a8c

SHA256
71630aea3eef367f9a88bafb6ad3511a3bc7dcc4995e9eb84b09f8f777b22d65

SHA512
85a94b8fc6e0497a21a4d982e62405725b4d18a0a3c65f5f58b40e93bedd8bea5103f6ac9baff7bd3c93d4f08e0eb24f2c4e0e24dc346c231b87deeb725e1230

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\Processes.dll

Filesize
49KB

MD5
138869ba3c86d7546f8c24e424dcd114

SHA1
db7f3227a7671ac9fb2fd017eca10e390cae2a8c

SHA256
71630aea3eef367f9a88bafb6ad3511a3bc7dcc4995e9eb84b09f8f777b22d65

SHA512
85a94b8fc6e0497a21a4d982e62405725b4d18a0a3c65f5f58b40e93bedd8bea5103f6ac9baff7bd3c93d4f08e0eb24f2c4e0e24dc346c231b87deeb725e1230

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\Processes.dll

Filesize
49KB

MD5
138869ba3c86d7546f8c24e424dcd114

SHA1
db7f3227a7671ac9fb2fd017eca10e390cae2a8c

SHA256
71630aea3eef367f9a88bafb6ad3511a3bc7dcc4995e9eb84b09f8f777b22d65

SHA512
85a94b8fc6e0497a21a4d982e62405725b4d18a0a3c65f5f58b40e93bedd8bea5103f6ac9baff7bd3c93d4f08e0eb24f2c4e0e24dc346c231b87deeb725e1230

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\Processes.dll

Filesize
49KB

MD5
138869ba3c86d7546f8c24e424dcd114

SHA1
db7f3227a7671ac9fb2fd017eca10e390cae2a8c

SHA256
71630aea3eef367f9a88bafb6ad3511a3bc7dcc4995e9eb84b09f8f777b22d65

SHA512
85a94b8fc6e0497a21a4d982e62405725b4d18a0a3c65f5f58b40e93bedd8bea5103f6ac9baff7bd3c93d4f08e0eb24f2c4e0e24dc346c231b87deeb725e1230

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\Processes.dll

Filesize
49KB

MD5
138869ba3c86d7546f8c24e424dcd114

SHA1
db7f3227a7671ac9fb2fd017eca10e390cae2a8c

SHA256
71630aea3eef367f9a88bafb6ad3511a3bc7dcc4995e9eb84b09f8f777b22d65

SHA512
85a94b8fc6e0497a21a4d982e62405725b4d18a0a3c65f5f58b40e93bedd8bea5103f6ac9baff7bd3c93d4f08e0eb24f2c4e0e24dc346c231b87deeb725e1230

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\Processes.dll

Filesize
49KB

MD5
138869ba3c86d7546f8c24e424dcd114

SHA1
db7f3227a7671ac9fb2fd017eca10e390cae2a8c

SHA256
71630aea3eef367f9a88bafb6ad3511a3bc7dcc4995e9eb84b09f8f777b22d65

SHA512
85a94b8fc6e0497a21a4d982e62405725b4d18a0a3c65f5f58b40e93bedd8bea5103f6ac9baff7bd3c93d4f08e0eb24f2c4e0e24dc346c231b87deeb725e1230

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\System.dll

Filesize
12KB

MD5
564bb0373067e1785cba7e4c24aab4bf

SHA1
7c9416a01d821b10b2eef97b80899d24014d6fc1

SHA256
7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5

SHA512
22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu44BC.tmp\nsDialogs.dll

Filesize
9KB

MD5
48f3e7860e1de2b4e63ec744a5e9582a

SHA1
420c64d802a637c75a53efc8f748e1aede3d6dc6

SHA256
6bf9cccd8a600f4d442efe201e8c07b49605ba35f49a4b3ab22fa2641748e156

SHA512
28716ddea580eeb23d93d1ff6ea0cf79a725e13c8f8a17ec9dfacb1fe29c7981ad84c03aed05663adc52365d63d19ec2f366762d1c685e3a9d93037570c3c583

Download Submit
C:\Windows\Logs\DirectX.log

Filesize
474B

MD5
690f807f00444c0e13c760468f5a6b81

SHA1
5c46b468334b2528abbbc608c18661fe7962ecf0

SHA256
c4d97cc9ae35f713de378eb4073ff815be794dcddf2a4749a40323cec653c3dc

SHA512
867fac5e24befe0853076f3b6774ddffc726c887fa7779017a6fcbc5b4409539317dac3c03361c4844dcd838c6e67f05d4c3366c263da3f6929301986dc7f910

Download Submit
C:\Windows\Logs\DirectX.log

Filesize
12KB

MD5
b6b9ec6f5162c95173b0b8e7ee613649

SHA1
94e3c6745b69ea830052a935873749a61ab8cd33

SHA256
e9bead906e57941dd43fc3018fe167ac5b5ec6454729d1798fde682e3550ccc1

SHA512
b8c6ba5ee382952d7d34593a54686ff656e9cdffc7d7cff0c1d6cfd0a1d18a50a07936a85cb33aed8fdf3d99e304fe1516f25203ad8f5a90c34220110b24fddd

Download Submit
memory/1452-900-0x0000000074390000-0x000000007439B000-memory.dmp

Filesize
44KB

Download
memory/1452-640-0x0000000074390000-0x000000007439B000-memory.dmp

Filesize
44KB

Download
memory/1452-636-0x0000000074390000-0x000000007439B000-memory.dmp

Filesize
44KB

Download
memory/1452-340-0x0000000074390000-0x000000007439B000-memory.dmp

Filesize
44KB

Download
memory/1452-669-0x0000000074390000-0x000000007439B000-memory.dmp

Filesize
44KB

Download
memory/1452-1935-0x0000000074390000-0x000000007439B000-memory.dmp

Filesize
44KB

Download
memory/1452-840-0x0000000074390000-0x000000007439B000-memory.dmp

Filesize
44KB

Download
memory/1452-901-0x0000000074390000-0x000000007439B000-memory.dmp

Filesize
44KB

Download
memory/1452-842-0x0000000074390000-0x000000007439B000-memory.dmp

Filesize
44KB

Download
memory/1452-899-0x0000000074390000-0x000000007439B000-memory.dmp

Filesize
44KB

Download
memory/1452-851-0x0000000074390000-0x000000007439B000-memory.dmp

Filesize
44KB

Download
memory/1452-847-0x0000000074390000-0x000000007439B000-memory.dmp

Filesize
44KB

Download
memory/1452-844-0x0000000074390000-0x000000007439B000-memory.dmp

Filesize
44KB

Download