3fe36d00445253bf669d03f37b9e57b936ca837110ca0156ce7190616327f1f2

Analysis

max time kernel
150s
max time network
114s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
09-03-2023 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ScreenRec_webinstall_all.exe
Size

430KB
MD5

bf776a87851684618960380cbe2432a7
SHA1

e9d91e78f658523f7e5da701cc30ec62f649510f
SHA256

3fe36d00445253bf669d03f37b9e57b936ca837110ca0156ce7190616327f1f2
SHA512

f7d8d136bedde342cbe2af844590c6bca5509fbd3a4176e4bc59867d6e62f66e68fc08462b35500715b044ce86c99ff59d3a981792e0d8254a1f7f40cb5fb475
SSDEEP

6144:SFdKf6NxbxAcLs0ev9d3mTVjBpKUru9ouk5weQcls0ej9d3mTVjRpKUruqG4:CychevriBXru97qz0jriRXruqG4

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
1812	vcredist_x64.exe
768	Setup.exe
908	vc_redist.x64.exe
544	vc_redist.x64.exe
1344	Process not Found
1656	screenrec.exe
920	screenrec.exe

Loads dropped DLL 64 IoCs

pid	Process
1700	ScreenRec_webinstall_all.exe
1700	ScreenRec_webinstall_all.exe
1700	ScreenRec_webinstall_all.exe
1700	ScreenRec_webinstall_all.exe
1700	ScreenRec_webinstall_all.exe
1700	ScreenRec_webinstall_all.exe
1700	ScreenRec_webinstall_all.exe
1700	ScreenRec_webinstall_all.exe
1700	ScreenRec_webinstall_all.exe
1700	ScreenRec_webinstall_all.exe
1812	vcredist_x64.exe
768	Setup.exe
768	Setup.exe
768	Setup.exe
768	Setup.exe
1700	ScreenRec_webinstall_all.exe
908	vc_redist.x64.exe
544	vc_redist.x64.exe
1700	ScreenRec_webinstall_all.exe
1700	ScreenRec_webinstall_all.exe
1700	ScreenRec_webinstall_all.exe
1344	Process not Found
1344	Process not Found
1700	ScreenRec_webinstall_all.exe
1700	ScreenRec_webinstall_all.exe
1700	ScreenRec_webinstall_all.exe
1344	Process not Found
1344	Process not Found
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Windows\CurrentVersion\Run	ScreenRec_webinstall_all.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Windows\CurrentVersion\Run\ScreenRec = "C:\\Users\\Admin\\AppData\\Local\\StreamingVideoProvider\\ScreenRec_app\\screenrec.exe"	ScreenRec_webinstall_all.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

NSIS installer 6 IoCs

installer

resource	yara_rule
behavioral1/files/0x0003000000020881-1450.dat	nsis_installer_1
behavioral1/files/0x0003000000020881-1450.dat	nsis_installer_2
behavioral1/files/0x0003000000020881-1469.dat	nsis_installer_1
behavioral1/files/0x0003000000020881-1469.dat	nsis_installer_2
behavioral1/files/0x0003000000020881-1468.dat	nsis_installer_1
behavioral1/files/0x0003000000020881-1468.dat	nsis_installer_2

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C	ScreenRec_webinstall_all.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob = 030000000100000014000000d89e3bd43d5d909b47a18977aa9d5ce36cee184c1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb040000000100000010000000285ec909c4ab0d2d57f5086b225799aa0f000000010000003000000013baa039635f1c5292a8c2f36aae7e1d25c025202e9092f5b0f53f5f752dfa9c71b3d1b8d9a6358fcee6ec75622fabf9190000000100000010000000ea6089055218053dd01e37e1d806eedf1800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa24b0000000100000044000000420032004600410046003700360039003200460044003900460046004200440036003400450044004500330031003700450034003200330033003400420041005f0000002000000001000000850500003082058130820469a00302010202103972443af922b751d7d36c10dd313595300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3139303331323030303030305a170d3238313233313233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c05000382010100188751dc74213d9c8ae027b733d02eccecf0e6cb5e11de226f9b758e9e72fee4d6feaa1f9c962def034a7eaef48d6f723c433bc03febb8df5caaa9c6aef2fcd8eea37b43f686367c14e0cdf4f73ffedeb8b48af09196fefd43647efdccd201a17d7df81919c9422b13bf588bbaa4a266047688914e0c8914cea24dc932b3bae8141abc71f15bf0410b98000a220310e50cb1f9cd923719ed3bf1e43ab6f945132675afbbaaef3f7b773bd2c402913d1900d3175c39db3f7b180d45cd9385962f5ddf59164f3f51bdd545183fed4a8ee80661742316b50d50732744477f105d892a6b853114c4e8a96a4c80bc6a78cfb87f8e7672990c9dfed7910816a1a35f95	ScreenRec_webinstall_all.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	ScreenRec_webinstall_all.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	ScreenRec_webinstall_all.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	ScreenRec_webinstall_all.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
1656	screenrec.exe
920	screenrec.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1700	ScreenRec_webinstall_all.exe
1700	ScreenRec_webinstall_all.exe
1700	ScreenRec_webinstall_all.exe
768	Setup.exe
768	Setup.exe
768	Setup.exe
768	Setup.exe

Suspicious use of FindShellTrayWindow 10 IoCs

pid	Process
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
920	screenrec.exe
920	screenrec.exe
920	screenrec.exe
920	screenrec.exe
920	screenrec.exe

Suspicious use of SendNotifyMessage 10 IoCs

pid	Process
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
920	screenrec.exe
920	screenrec.exe
920	screenrec.exe
920	screenrec.exe
920	screenrec.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1656	screenrec.exe
1656	screenrec.exe
1656	screenrec.exe
920	screenrec.exe
920	screenrec.exe
920	screenrec.exe

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 1812	1700	ScreenRec_webinstall_all.exe	30
PID 1700 wrote to memory of 1812	1700	ScreenRec_webinstall_all.exe	30
PID 1700 wrote to memory of 1812	1700	ScreenRec_webinstall_all.exe	30
PID 1700 wrote to memory of 1812	1700	ScreenRec_webinstall_all.exe	30
PID 1700 wrote to memory of 1812	1700	ScreenRec_webinstall_all.exe	30
PID 1700 wrote to memory of 1812	1700	ScreenRec_webinstall_all.exe	30
PID 1700 wrote to memory of 1812	1700	ScreenRec_webinstall_all.exe	30
PID 1812 wrote to memory of 768	1812	vcredist_x64.exe	31
PID 1812 wrote to memory of 768	1812	vcredist_x64.exe	31
PID 1812 wrote to memory of 768	1812	vcredist_x64.exe	31
PID 1812 wrote to memory of 768	1812	vcredist_x64.exe	31
PID 1812 wrote to memory of 768	1812	vcredist_x64.exe	31
PID 1812 wrote to memory of 768	1812	vcredist_x64.exe	31
PID 1812 wrote to memory of 768	1812	vcredist_x64.exe	31
PID 1700 wrote to memory of 908	1700	ScreenRec_webinstall_all.exe	32
PID 1700 wrote to memory of 908	1700	ScreenRec_webinstall_all.exe	32
PID 1700 wrote to memory of 908	1700	ScreenRec_webinstall_all.exe	32
PID 1700 wrote to memory of 908	1700	ScreenRec_webinstall_all.exe	32
PID 1700 wrote to memory of 908	1700	ScreenRec_webinstall_all.exe	32
PID 1700 wrote to memory of 908	1700	ScreenRec_webinstall_all.exe	32
PID 1700 wrote to memory of 908	1700	ScreenRec_webinstall_all.exe	32
PID 908 wrote to memory of 544	908	vc_redist.x64.exe	33
PID 908 wrote to memory of 544	908	vc_redist.x64.exe	33
PID 908 wrote to memory of 544	908	vc_redist.x64.exe	33
PID 908 wrote to memory of 544	908	vc_redist.x64.exe	33
PID 908 wrote to memory of 544	908	vc_redist.x64.exe	33
PID 908 wrote to memory of 544	908	vc_redist.x64.exe	33
PID 908 wrote to memory of 544	908	vc_redist.x64.exe	33
PID 1700 wrote to memory of 1656	1700	ScreenRec_webinstall_all.exe	35
PID 1700 wrote to memory of 1656	1700	ScreenRec_webinstall_all.exe	35
PID 1700 wrote to memory of 1656	1700	ScreenRec_webinstall_all.exe	35
PID 1700 wrote to memory of 1656	1700	ScreenRec_webinstall_all.exe	35

C:\Users\Admin\AppData\Local\Temp\ScreenRec_webinstall_all.exe
"C:\Users\Admin\AppData\Local\Temp\ScreenRec_webinstall_all.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\vcredist_x64.exe
  "C:\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\vcredist_x64.exe" /passive /norestart
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1812
- - \??\c:\3a48f806c7f5f3860b1c8a\Setup.exe
    c:\3a48f806c7f5f3860b1c8a\Setup.exe /passive /norestart
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    PID:768
- C:\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\vc_redist.x64.exe
  "C:\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\vc_redist.x64.exe" /passive /norestart
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:908
- - C:\Windows\Temp\{7C30DC5E-7F61-4147-9619-0B1443D55862}\.cr\vc_redist.x64.exe
    "C:\Windows\Temp\{7C30DC5E-7F61-4147-9619-0B1443D55862}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\vc_redist.x64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188 /passive /norestart
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:544
- C:\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe
  "C:\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1656

C:\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe
"C:\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:920

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\3a48f806c7f5f3860b1c8a\Setup.exe

Filesize
76KB

MD5
006f8a615020a4a17f5e63801485df46

SHA1
78c82a80ebf9c8bf0c996dd8bc26087679f77fea

SHA256
d273460aa4d42f0b5764383e2ab852ab9af6fecb3ed866f1783869f2f155d8be

SHA512
c603ed6f3611eb7049a43a190ed223445a9f7bd5651100a825917198b50c70011e950fa968d3019439afa0a416752517b1c181ee9445e02da3904f4e4b73ce76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\avcodec-57.dll

Filesize
11.7MB

MD5
f15a5f86629403e8b2ed1d257b7bed8d

SHA1
f045441816b0f97ddd5fbc2a0a05bd8b8b869d76

SHA256
0108e5b2759c48d5dd4fa0d3968d4be0ff75ceea66f8f769c1563f57bcfd60b0

SHA512
c73ea53db4ba49851cc7b5711b7c205dfe08fb611817ea9126337d69a7007f0d72fa78561020e16d6179f3cebc56407bcf0a2460420b13b58f6f9523358f505d

Download Submit
C:\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\avutil-55.dll

Filesize
497KB

MD5
40a8d94ad9aa8930a925378014f9fb6e

SHA1
2057ab570a14207412372dae4d270a9d32d7ddf3

SHA256
6c78a91516a2e486a8d863777223b3303658da61e1044cc22263a2be599e2e28

SHA512
aa27aa1cd92ce9418b3b5a88d4d068c9a2a412f1220e3579740632d6e7e5c0bf9480adf861c1a749165f6c5fa514b0c95e42016ca0158f3098fd46b72b33ea85

Download Submit
C:\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\libwinpthread-1.dll

Filesize
54KB

MD5
97a7982af495521ebc268f311fbd3a81

SHA1
f4990e9c32332182f77f2a7d478df17c892252cb

SHA256
042fa617d408ebb77d17df98434d61bdd839b780b7ec2f1c46f73a614eb6ed80

SHA512
1a378dc379c818dd41292394ffa680edb7b80c73e93905f16af8dc43ff52b98a6feb92daa06fd17677faae47dc1002820761a110791bcb49ef45102611454760

Download Submit
C:\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\libx264-148.dll

Filesize
2.1MB

MD5
0d90b78426e61a4cf6e6a06397a8a5e3

SHA1
6eb7e1056728e699a1a032f86c4f7b6cba9a5deb

SHA256
c5dc32715d046d36946e48de4d46e7c905c5c5b30c7c998c9e0edd3c235e8cbe

SHA512
e6d1f2a917e62fec539e561fbbde46f9a2e02cb5da15f1463a6583d7656554a4cea375dfc0c68fd7608a6ac4b6cae39773f871a9cf9aedc3bafe3e6d4a3ca054

Download Submit
C:\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe

Filesize
6.9MB

MD5
4199fd8369ff9adb45855cc1eead3c4e

SHA1
fe2b15c190594bdaedc7fa2b14c83c7e631b2c7c

SHA256
ff7bf38554f6bf802f60aefb3f75aed6885395130caca48fe125e6a52542f9a0

SHA512
365e096a37135a610c042a43f46fd1205fef1075983df7e2fcb3c95a965bdfdca4bce203dca906472917d58bf7a8f2c5e8da0dc067e35950bde23bccf6f91575

Download Submit
C:\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe

Filesize
6.9MB

MD5
4199fd8369ff9adb45855cc1eead3c4e

SHA1
fe2b15c190594bdaedc7fa2b14c83c7e631b2c7c

SHA256
ff7bf38554f6bf802f60aefb3f75aed6885395130caca48fe125e6a52542f9a0

SHA512
365e096a37135a610c042a43f46fd1205fef1075983df7e2fcb3c95a965bdfdca4bce203dca906472917d58bf7a8f2c5e8da0dc067e35950bde23bccf6f91575

Download Submit
C:\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\uninstall.exe

Filesize
209KB

MD5
7143d285f8a28600bef2b3c0f5211517

SHA1
ccd3c69bcc2a8bc125891cd58ddd5992dbf85ec8

SHA256
a4758d23ed8816f0d70ec1689fa752948d0b042d46c5f6d381d67aa80ce82a73

SHA512
55e798b277aca0b8dc8cd456f54a22b863ccb1f2a9300d7331d38fcb2abca7b38b07d1e09e00bb358280bd40b875070975e64af48e25b6d28a1af6c5eb3fc0a8

Download Submit
C:\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\vc_redist.x64.exe

Filesize
24.1MB

MD5
35431d059197b67227cd12f841733539

SHA1
ae97f1e35c50a3c1b7b231995ad547828e71fe4c

SHA256
296f96cd102250636bcd23ab6e6cf70935337b1bbb3507fe8521d8d9cfaa932f

SHA512
dfc0a9bd4151cbb9407a1234e6c892b65d3db35f1a95684547fc0f5334a9b3d19efe88d5f2661d7b4a372489334098629ffb2c433d4128772c3b021ed259424e

Download Submit
C:\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\vc_redist.x64.exe

Filesize
24.1MB

MD5
35431d059197b67227cd12f841733539

SHA1
ae97f1e35c50a3c1b7b231995ad547828e71fe4c

SHA256
296f96cd102250636bcd23ab6e6cf70935337b1bbb3507fe8521d8d9cfaa932f

SHA512
dfc0a9bd4151cbb9407a1234e6c892b65d3db35f1a95684547fc0f5334a9b3d19efe88d5f2661d7b4a372489334098629ffb2c433d4128772c3b021ed259424e

Download Submit
C:\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\vcredist_x64.exe

Filesize
5.5MB

MD5
630d75210b325a280c3352f879297ed5

SHA1
b330b760a8f16d5a31c2dc815627f5eb40861008

SHA256
b06546ddc8ca1e3d532f3f2593e88a6f49e81b66a9c2051d58508cc97b6a2023

SHA512
b6e107fa34764d336c9b59802c858845df9f8661a1beb41436fd638a044580557921e69883ed32737f853e203f0083358f642f3efe0a80fae7932c5e6137331f

Download Submit
C:\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\vcredist_x64.exe

Filesize
5.5MB

MD5
630d75210b325a280c3352f879297ed5

SHA1
b330b760a8f16d5a31c2dc815627f5eb40861008

SHA256
b06546ddc8ca1e3d532f3f2593e88a6f49e81b66a9c2051d58508cc97b6a2023

SHA512
b6e107fa34764d336c9b59802c858845df9f8661a1beb41436fd638a044580557921e69883ed32737f853e203f0083358f642f3efe0a80fae7932c5e6137331f

Download Submit
C:\Users\Admin\AppData\Local\Temp\HFIEBE7.tmp.html

Filesize
16KB

MD5
3303eaab18fcc14871063a3539fb8f4b

SHA1
f6f8bc88cc8814d9f1cd1f9601f8950496032ca7

SHA256
019359e6051b492ee55a5c99b65f3bebede63e97ff8057528807d27c54ed30c8

SHA512
a84bb61f9bbe3d675bac4261520bc5553023b81a5810af2c043e4473f91755c32132dbda770ce582e51700130c3ed1f63e547f6787fa34db2540af1f9e083651

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4D50.tmp

Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi2EF.tmp\Crypto.dll

Filesize
3KB

MD5
5fc727c579f3c3b69ce0eb7f2ec7d48a

SHA1
4686ade71a45feb36f5f5f48e78bd673f60e45b5

SHA256
b7b819dcf3aaed2774cecfa507f9baee47660b18758f7cb718bb5cb2d77947fa

SHA512
b407eb19db8967fc7eeea8d5576cbb909c89195a0ae2f2382b79ecc13f04d984ec46d014b7f8e2124c8fe6088097cdc8203e4258cdd36a38db94c7cb4a929fd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi2EF.tmp\INetC.dll

Filesize
235KB

MD5
1b64fbf67719787f56e7788a6ec93d92

SHA1
b1696fc7301f5f3b69b928f325a2e4fe1b342d34

SHA256
e761612d52de4bf6411a4c146e5523439cecf23eeacceb51dd69a26d79dd7bd2

SHA512
d1c8e48ec91adbb760699d6afed0c5df597e69bd2873f9168c7ebfa675a7428de80070a8eea13f5ca1bb5845e8056270bf073e7e674be137999cd7a567909ef9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi2EF.tmp\InstallOptions.dll

Filesize
14KB

MD5
20f3184efe7edddfef3325efc25d12a5

SHA1
8db4c500d73f9525a7e9834df6caea2e70189939

SHA256
0e014352b64abc431d97460d79757cbafbf6ba997c08b608c294e1f582af269a

SHA512
433188957a4603c9c61ec698a720021aacf61f46ccc32d5a11bcb6f2d0b1f01e5680635707d8a0ec7a9ef2aa2a85d6dec07ded452e4cb9e280062c0bed555c1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi2EF.tmp\ScreenRec64.zip

Filesize
134.1MB

MD5
79481e0cb373789a505751069150b327

SHA1
2b46f05a618b85f3b9c01346d1408bfd210551c9

SHA256
1fe8c195bf97d8eeafc24180ba174500911603a1fbea1d82cd6cec81d5dd9262

SHA512
b929ead566de2178c63ea60bb179153d961d36d91d1c8badb9d7bee0b868dcc86052e58c4b1e0f64726dbdacded2cd3010e244214c558cbe203faa24546436dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi2EF.tmp\StartMenu.dll

Filesize
7KB

MD5
a09bcf528d02f89f9befa78937ca7d7b

SHA1
3cbcb0fdc32a8f21d6d557cc4c3bb6c4ee246b6f

SHA256
5a31abf36c0ed5e74295b7d7db5a2b09d8aa308483612b7b0bc04771000ac8ad

SHA512
ad4bbc478c028d4b8b890ea60a26ecae1c0dfacad872d150bfb1c334d7f52f2963123c45cef4ee0d773d9b3e143dde2c3d8da92ea9f703e44c5ee873a873b95c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi2EF.tmp\System.dll

Filesize
11KB

MD5
55a26d7800446f1373056064c64c3ce8

SHA1
80256857e9a0a9c8897923b717f3435295a76002

SHA256
904fd5481d72f4e03b01a455f848dedd095d0fb17e33608e0d849f5196fb6ff8

SHA512
04b8ab7a85c26f188c0a06f524488d6f2ac2884bf107c860c82e94ae12c3859f825133d78338fd2b594dfc48f7dc9888ae76fee786c6252a5c77c88755128a5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi2EF.tmp\ioSpecial.ini

Filesize
639B

MD5
8eba12984acd38a2c80156860dfe4db5

SHA1
49c15170caf973fadc91b623f0dd9c11339c918f

SHA256
4ed10a2e60a37f73b15e6a746f5098929f9a19744e6d5affa60e3c7b9c5476ee

SHA512
c13976cb0d73c6d862fa71a6dda9de8803a3d26aa5f2db0fe1f31bcceb37dadb0d349e3a972043c8e0976a832baf6503c76ad19cfdb50c65f883f168c9f43326

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi2EF.tmp\ioSpecial.ini

Filesize
668B

MD5
80acc5bf5a9dd976e4934d4c74d86598

SHA1
7102413ed52d93a7f3cfb29bf07d4f939281412f

SHA256
71e3d46068133bae9ee626a20426cf0e444f0e682b9513a1d4b2d914104aaee7

SHA512
4e716b73585e9274944a6e60ae1e31fdde26e3a841c92274c09ad80769c3c9592e5f9df2781c3ea3cbf8cde2a801948894aecb3449c39997e4c35f94729a5ebd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi2EF.tmp\nsProcess.dll

Filesize
4KB

MD5
faa7f034b38e729a983965c04cc70fc1

SHA1
df8bda55b498976ea47d25d8a77539b049dab55e

SHA256
579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf

SHA512
7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi2EF.tmp\nsisXML.dll

Filesize
12KB

MD5
9f3d5344e7ede1f41f99d8fc37fd01ad

SHA1
d0322ce3ba30a924daa1c9e322846a3d8ccda878

SHA256
77aa1a74a556f00f16baf9b94637fa997bd4085695ba81bf496223644e43e815

SHA512
2849b261b77fa2abf0d0efc7604ccce7f502d20a556eea9877cfe1cbc6d515d8fe41986943081629243b81987cddd54613ee01fc7859ae16eab57f6ca2cd4bfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi2EF.tmp\nsisunz.dll

Filesize
40KB

MD5
5f13dbc378792f23e598079fc1e4422b

SHA1
5813c05802f15930aa860b8363af2b58426c8adf

SHA256
6e87ecb7f62039fbb6e7676422d1a5e75a32b90dde6865dcb68ee658ba8df61d

SHA512
9270635a5294482f49e0292e26d45dd103b85fe27dc163d44531b095c5f9dbde6b904adaf1a888ba3c112a094380394713c796f5195b2566a20f00b42b6578e5

Download Submit
C:\Windows\Temp\{7C30DC5E-7F61-4147-9619-0B1443D55862}\.cr\vc_redist.x64.exe

Filesize
634KB

MD5
24323f69876bda1b9909a0d0d6b981ba

SHA1
75761d5303828e5cdeb9a3ba0bd9ebaedb56e9b0

SHA256
7b1b012d525323f4e6c2e3b53e9f55bda9d01d8761a86f03317e46d4f28ae808

SHA512
01ed192274bd3559df05adb8de057a6d26bc77376c0fbc2d7ab8a8306620e8515cfbffabd2289417f3513982bbf2b7ed68897c649f14848858690985c9b262c3

Download Submit
C:\Windows\Temp\{7C30DC5E-7F61-4147-9619-0B1443D55862}\.cr\vc_redist.x64.exe

Filesize
634KB

MD5
24323f69876bda1b9909a0d0d6b981ba

SHA1
75761d5303828e5cdeb9a3ba0bd9ebaedb56e9b0

SHA256
7b1b012d525323f4e6c2e3b53e9f55bda9d01d8761a86f03317e46d4f28ae808

SHA512
01ed192274bd3559df05adb8de057a6d26bc77376c0fbc2d7ab8a8306620e8515cfbffabd2289417f3513982bbf2b7ed68897c649f14848858690985c9b262c3

Download Submit
C:\Windows\Temp\{CD55762C-C65F-4741-8B8C-9C61E5940CCB}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
\3a48f806c7f5f3860b1c8a\1033\SetupResources.dll

Filesize
16KB

MD5
9547d24ac04b4d0d1dbf84f74f54faf7

SHA1
71af6001c931c3de7c98ddc337d89ab133fe48bb

SHA256
36d0159ed1a7d88000737e920375868765c0a1dd6f5a5acbb79cf7d97d9e7a34

SHA512
8b6048f4185a711567679e2de4789407077ce5bfe72102d3cb1f23051b8d3e6bfd5886c801d85b4e62f467dd12da1c79026a4bc20b17f54c693b2f24e499d40f

Download Submit
\3a48f806c7f5f3860b1c8a\Setup.exe

Filesize
76KB

MD5
006f8a615020a4a17f5e63801485df46

SHA1
78c82a80ebf9c8bf0c996dd8bc26087679f77fea

SHA256
d273460aa4d42f0b5764383e2ab852ab9af6fecb3ed866f1783869f2f155d8be

SHA512
c603ed6f3611eb7049a43a190ed223445a9f7bd5651100a825917198b50c70011e950fa968d3019439afa0a416752517b1c181ee9445e02da3904f4e4b73ce76

Download Submit
\3a48f806c7f5f3860b1c8a\SetupEngine.dll

Filesize
788KB

MD5
84c1daf5f30ff99895ecab3a55354bcf

SHA1
7e25ba36bcc7deed89f3c9568016ddb3156c9c5a

SHA256
7a0d281fa802d615ea1207bd2e9ebb98f3b74f9833bba3cb964ba7c7e0fb67fd

SHA512
e4fb7e4d39f094463fdcdc4895ab2ea500eb51a32b6909cec80a526bbf34d5c0eb98f47ee256c0f0865bf3169374937f047bf5c4d6762779c8ca3332b4103be3

Download Submit
\3a48f806c7f5f3860b1c8a\SetupUi.dll

Filesize
288KB

MD5
eb881e3dddc84b20bd92abcec444455f

SHA1
e2c32b1c86d4f70e39de65e9ebc4f361b24ff4a1

SHA256
11565d97287c01d22ad2e46c78d8a822fa3e6524561d4c02dfc87e8d346c44e7

SHA512
5750cec73b36a3f19bfb055f880f3b6498a7ae589017333f6272d26f1c72c6f475a3308826268a098372bbb096b43fbd1e06e93eecc0a81046668228bc179a75

Download Submit
\3a48f806c7f5f3860b1c8a\sqmapi.dll

Filesize
141KB

MD5
3f0363b40376047eff6a9b97d633b750

SHA1
4eaf6650eca5ce931ee771181b04263c536a948b

SHA256
bd6395a58f55a8b1f4063e813ce7438f695b9b086bb965d8ac44e7a97d35a93c

SHA512
537be86e2f171e0b2b9f462ac7f62c4342beb5d00b68451228f28677d26a525014758672466ad15ed1fd073be38142dae478df67718908eae9e6266359e1f9e8

Download Submit
\??\c:\3a48f806c7f5f3860b1c8a\1028\LocalizedData.xml

Filesize
29KB

MD5
12df3535e4c4ef95a8cb03fd509b5874

SHA1
90b1f87ba02c1c89c159ebf0e1e700892b85dc39

SHA256
1c8132747dc33ccdb02345cbe706e65089a88fe32cf040684ca0d72bb9105119

SHA512
c6c8887e7023c4c1cbf849eebd17b6ad68fc14607d1c32c0d384f951e07bfaf6b61e0639f4e5978c9e3e1d52ef8a383b62622018a26fa4066eb620f584030808

Download Submit
\??\c:\3a48f806c7f5f3860b1c8a\1031\LocalizedData.xml

Filesize
40KB

MD5
b13ff959adc5c3e9c4ba4c4a76244464

SHA1
4df793626f41b92a5bc7c54757658ce30fdaeeb1

SHA256
44945bc0ba4be653d07f53e736557c51164224c8ec4e4672dfae1280260ba73b

SHA512
de78542d3bbc4c46871a8afb50fb408a59a76f6ed67e8be3cba8ba41724ea08df36400e233551b329277a7a0fe6168c5556abe9d9a735f41b29a941250bfc4d6

Download Submit
\??\c:\3a48f806c7f5f3860b1c8a\1033\LocalizedData.xml

Filesize
38KB

MD5
5486ff60b072102ee3231fd743b290a1

SHA1
d8d8a1d6bf6adf1095158b3c9b0a296a037632d0

SHA256
5ca3ecaa12ca56f955d403ca93c4cb36a7d3dcdea779fc9bdaa0cdd429dab706

SHA512
ae240eaac32edb18fd76982fc01e03bd9c8e40a9ec1b9c42d7ebd225570b7517949e045942dbb9e40e620aa9dcc9fbe0182c6cf207ac0a44d7358ad33ba81472

Download Submit
\??\c:\3a48f806c7f5f3860b1c8a\1033\SetupResources.dll

Filesize
16KB

MD5
9547d24ac04b4d0d1dbf84f74f54faf7

SHA1
71af6001c931c3de7c98ddc337d89ab133fe48bb

SHA256
36d0159ed1a7d88000737e920375868765c0a1dd6f5a5acbb79cf7d97d9e7a34

SHA512
8b6048f4185a711567679e2de4789407077ce5bfe72102d3cb1f23051b8d3e6bfd5886c801d85b4e62f467dd12da1c79026a4bc20b17f54c693b2f24e499d40f

Download Submit
\??\c:\3a48f806c7f5f3860b1c8a\1036\LocalizedData.xml

Filesize
40KB

MD5
4ce519f7e9754ec03768edeedaeed926

SHA1
213ae458992bf2c5a255991441653c5141f41b89

SHA256
bc4ca5ad609f0dd961263715e1f824524c43e73b744e55f90c703b759cae4d31

SHA512
8f2ff08a234d8e2e6ba85de3cd1c19a0b372d9fca4ff0fc1bba7fe7c5a165e933e2af5f93fc587e9230a066b70fb55d9f58256db509cc95a3b31d349f860f510

Download Submit
\??\c:\3a48f806c7f5f3860b1c8a\1040\LocalizedData.xml

Filesize
39KB

MD5
fe6b23186c2d77f7612bf7b1018a9b2a

SHA1
1528ec7633e998f040d2d4c37ac8a7dc87f99817

SHA256
03bbe1a39c6716f07703d20ed7539d8bf13b87870c2c83ddda5445c82953a80a

SHA512
40c9c9f3607cab24655593fc4766829516de33f13060be09f5ee65578824ac600cc1c07fe71cdd48bff7f52b447ff37c0d161d755a69ac7db7df118da6db7649

Download Submit
\??\c:\3a48f806c7f5f3860b1c8a\1041\LocalizedData.xml

Filesize
33KB

MD5
6f86b79dbf15e810331df2ca77f1043a

SHA1
875ed8498c21f396cc96b638911c23858ece5b88

SHA256
f0f9dd1a9f164f4d2e73b4d23cc5742da2c39549b9c4db692283839c5313e04f

SHA512
ca233a6bf55e253ebf1e8180a326667438e1124f6559054b87021095ef16ffc6b0c87361e0922087be4ca9cabd10828be3b6cc12c4032cb7f2a317fdbd76f818

Download Submit
\??\c:\3a48f806c7f5f3860b1c8a\1042\LocalizedData.xml

Filesize
32KB

MD5
e87ad0b3bf73f3e76500f28e195f7dc0

SHA1
716b842f6fbf6c68dc9c4e599c8182bfbb1354dc

SHA256
43b351419b73ac266c4b056a9c3a92f6dfa654328163814d17833a837577c070

SHA512
d3ea8655d42a2b0938c2189ceeab25c29939c302c2e2205e05d6059afc2a9b2039b21c083a7c17da1ce5eebdc934ff327a452034e2e715e497bcd6239395774c

Download Submit
\??\c:\3a48f806c7f5f3860b1c8a\1049\LocalizedData.xml

Filesize
39KB

MD5
1290be72ed991a3a800a6b2a124073b2

SHA1
dac09f9f2ccb3b273893b653f822e3dfc556d498

SHA256
6ba9a2e4a6a58f5bb792947990e51babd9d5151a7057e1a051cb007fea2eb41c

SHA512
c0b8b4421fcb2aabe2c8c8773fd03842e3523bf2b75d6262fd8bd952adc12c06541bdae0219e89f9f9f8d79567a4fe4dff99529366c4a7c5bf66c218431f3217

Download Submit
\??\c:\3a48f806c7f5f3860b1c8a\2052\LocalizedData.xml

Filesize
30KB

MD5
150b5c3d1b452dccbe8f1313fda1b18c

SHA1
7128b6b9e84d69c415808f1d325dd969b17914cc

SHA256
6d4eb9dca1cbcd3c2b39a993133731750b9fdf5988411f4a6da143b9204c01f2

SHA512
a45a1f4f19a27558e08939c7f63894ff5754e6840db86b8c8c68d400a36fb23179caff164d8b839898321030469b56446b5a8efc5765096dee5e8a746351e949

Download Submit
\??\c:\3a48f806c7f5f3860b1c8a\3082\LocalizedData.xml

Filesize
39KB

MD5
05a95593c61c744759e52caf5e13502e

SHA1
0054833d8a7a395a832e4c188c4d012301dd4090

SHA256
1a3e5e49da88393a71ea00d73fee7570e40edb816b72622e39c7fcd09c95ead1

SHA512
00aee4c02f9d6374560f7d2b826503aab332e1c4bc3203f88fe82e905471ec43f92f4af4fc52e46f377e4d297c2be99daf94980df2ce7664c169552800264fd3

Download Submit
\??\c:\3a48f806c7f5f3860b1c8a\DHTMLHeader.html

Filesize
15KB

MD5
cd131d41791a543cc6f6ed1ea5bd257c

SHA1
f42a2708a0b42a13530d26515274d1fcdbfe8490

SHA256
e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb

SHA512
a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

Download Submit
\??\c:\3a48f806c7f5f3860b1c8a\ParameterInfo.xml

Filesize
9KB

MD5
03e01a43300d94a371458e14d5e41781

SHA1
c5ac3cd50fae588ff1c258edae864040a200653c

SHA256
19de712560e5a25c5d67348996e7d4f95e8e3db6843086f52cb7209f2098200a

SHA512
e271d52264ff979ae429a4053c945d7e7288f41e9fc6c64309f0ab805cec166c825c2273073c4ef9ca5ab33f00802457b17df103a06cbc35c54642d146571bbb

Download Submit
\??\c:\3a48f806c7f5f3860b1c8a\Setup.exe

Filesize
76KB

MD5
006f8a615020a4a17f5e63801485df46

SHA1
78c82a80ebf9c8bf0c996dd8bc26087679f77fea

SHA256
d273460aa4d42f0b5764383e2ab852ab9af6fecb3ed866f1783869f2f155d8be

SHA512
c603ed6f3611eb7049a43a190ed223445a9f7bd5651100a825917198b50c70011e950fa968d3019439afa0a416752517b1c181ee9445e02da3904f4e4b73ce76

Download Submit
\??\c:\3a48f806c7f5f3860b1c8a\SetupEngine.dll

Filesize
788KB

MD5
84c1daf5f30ff99895ecab3a55354bcf

SHA1
7e25ba36bcc7deed89f3c9568016ddb3156c9c5a

SHA256
7a0d281fa802d615ea1207bd2e9ebb98f3b74f9833bba3cb964ba7c7e0fb67fd

SHA512
e4fb7e4d39f094463fdcdc4895ab2ea500eb51a32b6909cec80a526bbf34d5c0eb98f47ee256c0f0865bf3169374937f047bf5c4d6762779c8ca3332b4103be3

Download Submit
\??\c:\3a48f806c7f5f3860b1c8a\SetupUi.dll

Filesize
288KB

MD5
eb881e3dddc84b20bd92abcec444455f

SHA1
e2c32b1c86d4f70e39de65e9ebc4f361b24ff4a1

SHA256
11565d97287c01d22ad2e46c78d8a822fa3e6524561d4c02dfc87e8d346c44e7

SHA512
5750cec73b36a3f19bfb055f880f3b6498a7ae589017333f6272d26f1c72c6f475a3308826268a098372bbb096b43fbd1e06e93eecc0a81046668228bc179a75

Download Submit
\??\c:\3a48f806c7f5f3860b1c8a\SetupUi.xsd

Filesize
29KB

MD5
2fadd9e618eff8175f2a6e8b95c0cacc

SHA1
9ab1710a217d15b192188b19467932d947b0a4f8

SHA256
222211e8f512edf97d78bc93e1f271c922d5e91fa899e092b4a096776a704093

SHA512
a3a934a8572ff9208d38cf381649bd83de227c44b735489fd2a9dc5a636ead9bb62459c9460ee53f61f0587a494877cd3a3c2611997be563f3137f8236ffc4ca

Download Submit
\??\c:\3a48f806c7f5f3860b1c8a\Strings.xml

Filesize
13KB

MD5
332adf643747297b9bfa9527eaefe084

SHA1
670f933d778eca39938a515a39106551185205e9

SHA256
e49545feeae22198728ad04236e31e02035af7cc4d68e10cbecffd08669cbeca

SHA512
bea95ce35c4c37b4b2e36cc1e81fc297cc4a8e17b93f10423a02b015ddb593064541b5eb7003560fbeee512ed52869a113a6fb439c1133af01f884a0db0344b0

Download Submit
\??\c:\3a48f806c7f5f3860b1c8a\UiInfo.xml

Filesize
35KB

MD5
812f8d2e53f076366fa3a214bb4cf558

SHA1
35ae734cfb99bb139906b5f4e8efbf950762f6f0

SHA256
0d36a884a8381778bea71f5f9f0fc60cacadebd3f814679cb13414b8e7dbc283

SHA512
1dcc3ef8c390ca49fbcd50c02accd8cc5700db3594428e2129f79feb81e4cbbeef1b4a10628b2cd66edf31a69ed39ca2f4e252ad8aa13d2f793fca5b9a1eaf23

Download Submit
\??\c:\3a48f806c7f5f3860b1c8a\sqmapi.dll

Filesize
141KB

MD5
3f0363b40376047eff6a9b97d633b750

SHA1
4eaf6650eca5ce931ee771181b04263c536a948b

SHA256
bd6395a58f55a8b1f4063e813ce7438f695b9b086bb965d8ac44e7a97d35a93c

SHA512
537be86e2f171e0b2b9f462ac7f62c4342beb5d00b68451228f28677d26a525014758672466ad15ed1fd073be38142dae478df67718908eae9e6266359e1f9e8

Download Submit
\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\avcodec-57.dll

Filesize
11.7MB

MD5
f15a5f86629403e8b2ed1d257b7bed8d

SHA1
f045441816b0f97ddd5fbc2a0a05bd8b8b869d76

SHA256
0108e5b2759c48d5dd4fa0d3968d4be0ff75ceea66f8f769c1563f57bcfd60b0

SHA512
c73ea53db4ba49851cc7b5711b7c205dfe08fb611817ea9126337d69a7007f0d72fa78561020e16d6179f3cebc56407bcf0a2460420b13b58f6f9523358f505d

Download Submit
\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\avutil-55.dll

Filesize
497KB

MD5
40a8d94ad9aa8930a925378014f9fb6e

SHA1
2057ab570a14207412372dae4d270a9d32d7ddf3

SHA256
6c78a91516a2e486a8d863777223b3303658da61e1044cc22263a2be599e2e28

SHA512
aa27aa1cd92ce9418b3b5a88d4d068c9a2a412f1220e3579740632d6e7e5c0bf9480adf861c1a749165f6c5fa514b0c95e42016ca0158f3098fd46b72b33ea85

Download Submit
\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\libx264-148.dll

Filesize
2.1MB

MD5
0d90b78426e61a4cf6e6a06397a8a5e3

SHA1
6eb7e1056728e699a1a032f86c4f7b6cba9a5deb

SHA256
c5dc32715d046d36946e48de4d46e7c905c5c5b30c7c998c9e0edd3c235e8cbe

SHA512
e6d1f2a917e62fec539e561fbbde46f9a2e02cb5da15f1463a6583d7656554a4cea375dfc0c68fd7608a6ac4b6cae39773f871a9cf9aedc3bafe3e6d4a3ca054

Download Submit
\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe

Filesize
6.9MB

MD5
4199fd8369ff9adb45855cc1eead3c4e

SHA1
fe2b15c190594bdaedc7fa2b14c83c7e631b2c7c

SHA256
ff7bf38554f6bf802f60aefb3f75aed6885395130caca48fe125e6a52542f9a0

SHA512
365e096a37135a610c042a43f46fd1205fef1075983df7e2fcb3c95a965bdfdca4bce203dca906472917d58bf7a8f2c5e8da0dc067e35950bde23bccf6f91575

Download Submit
\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe

Filesize
6.9MB

MD5
4199fd8369ff9adb45855cc1eead3c4e

SHA1
fe2b15c190594bdaedc7fa2b14c83c7e631b2c7c

SHA256
ff7bf38554f6bf802f60aefb3f75aed6885395130caca48fe125e6a52542f9a0

SHA512
365e096a37135a610c042a43f46fd1205fef1075983df7e2fcb3c95a965bdfdca4bce203dca906472917d58bf7a8f2c5e8da0dc067e35950bde23bccf6f91575

Download Submit
\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe

Filesize
6.9MB

MD5
4199fd8369ff9adb45855cc1eead3c4e

SHA1
fe2b15c190594bdaedc7fa2b14c83c7e631b2c7c

SHA256
ff7bf38554f6bf802f60aefb3f75aed6885395130caca48fe125e6a52542f9a0

SHA512
365e096a37135a610c042a43f46fd1205fef1075983df7e2fcb3c95a965bdfdca4bce203dca906472917d58bf7a8f2c5e8da0dc067e35950bde23bccf6f91575

Download Submit
\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe

Filesize
6.9MB

MD5
4199fd8369ff9adb45855cc1eead3c4e

SHA1
fe2b15c190594bdaedc7fa2b14c83c7e631b2c7c

SHA256
ff7bf38554f6bf802f60aefb3f75aed6885395130caca48fe125e6a52542f9a0

SHA512
365e096a37135a610c042a43f46fd1205fef1075983df7e2fcb3c95a965bdfdca4bce203dca906472917d58bf7a8f2c5e8da0dc067e35950bde23bccf6f91575

Download Submit
\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe

Filesize
6.9MB

MD5
4199fd8369ff9adb45855cc1eead3c4e

SHA1
fe2b15c190594bdaedc7fa2b14c83c7e631b2c7c

SHA256
ff7bf38554f6bf802f60aefb3f75aed6885395130caca48fe125e6a52542f9a0

SHA512
365e096a37135a610c042a43f46fd1205fef1075983df7e2fcb3c95a965bdfdca4bce203dca906472917d58bf7a8f2c5e8da0dc067e35950bde23bccf6f91575

Download Submit
\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe

Filesize
6.9MB

MD5
4199fd8369ff9adb45855cc1eead3c4e

SHA1
fe2b15c190594bdaedc7fa2b14c83c7e631b2c7c

SHA256
ff7bf38554f6bf802f60aefb3f75aed6885395130caca48fe125e6a52542f9a0

SHA512
365e096a37135a610c042a43f46fd1205fef1075983df7e2fcb3c95a965bdfdca4bce203dca906472917d58bf7a8f2c5e8da0dc067e35950bde23bccf6f91575

Download Submit
\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe

Filesize
6.9MB

MD5
4199fd8369ff9adb45855cc1eead3c4e

SHA1
fe2b15c190594bdaedc7fa2b14c83c7e631b2c7c

SHA256
ff7bf38554f6bf802f60aefb3f75aed6885395130caca48fe125e6a52542f9a0

SHA512
365e096a37135a610c042a43f46fd1205fef1075983df7e2fcb3c95a965bdfdca4bce203dca906472917d58bf7a8f2c5e8da0dc067e35950bde23bccf6f91575

Download Submit
\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe

Filesize
6.9MB

MD5
4199fd8369ff9adb45855cc1eead3c4e

SHA1
fe2b15c190594bdaedc7fa2b14c83c7e631b2c7c

SHA256
ff7bf38554f6bf802f60aefb3f75aed6885395130caca48fe125e6a52542f9a0

SHA512
365e096a37135a610c042a43f46fd1205fef1075983df7e2fcb3c95a965bdfdca4bce203dca906472917d58bf7a8f2c5e8da0dc067e35950bde23bccf6f91575

Download Submit
\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe

Filesize
6.9MB

MD5
4199fd8369ff9adb45855cc1eead3c4e

SHA1
fe2b15c190594bdaedc7fa2b14c83c7e631b2c7c

SHA256
ff7bf38554f6bf802f60aefb3f75aed6885395130caca48fe125e6a52542f9a0

SHA512
365e096a37135a610c042a43f46fd1205fef1075983df7e2fcb3c95a965bdfdca4bce203dca906472917d58bf7a8f2c5e8da0dc067e35950bde23bccf6f91575

Download Submit
\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\uninstall.exe

Filesize
209KB

MD5
7143d285f8a28600bef2b3c0f5211517

SHA1
ccd3c69bcc2a8bc125891cd58ddd5992dbf85ec8

SHA256
a4758d23ed8816f0d70ec1689fa752948d0b042d46c5f6d381d67aa80ce82a73

SHA512
55e798b277aca0b8dc8cd456f54a22b863ccb1f2a9300d7331d38fcb2abca7b38b07d1e09e00bb358280bd40b875070975e64af48e25b6d28a1af6c5eb3fc0a8

Download Submit
\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\uninstall.exe

Filesize
209KB

MD5
7143d285f8a28600bef2b3c0f5211517

SHA1
ccd3c69bcc2a8bc125891cd58ddd5992dbf85ec8

SHA256
a4758d23ed8816f0d70ec1689fa752948d0b042d46c5f6d381d67aa80ce82a73

SHA512
55e798b277aca0b8dc8cd456f54a22b863ccb1f2a9300d7331d38fcb2abca7b38b07d1e09e00bb358280bd40b875070975e64af48e25b6d28a1af6c5eb3fc0a8

Download Submit
\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\vc_redist.x64.exe

Filesize
24.1MB

MD5
35431d059197b67227cd12f841733539

SHA1
ae97f1e35c50a3c1b7b231995ad547828e71fe4c

SHA256
296f96cd102250636bcd23ab6e6cf70935337b1bbb3507fe8521d8d9cfaa932f

SHA512
dfc0a9bd4151cbb9407a1234e6c892b65d3db35f1a95684547fc0f5334a9b3d19efe88d5f2661d7b4a372489334098629ffb2c433d4128772c3b021ed259424e

Download Submit
\Users\Admin\AppData\Local\StreamingVideoProvider\ScreenRec_app\vcredist_x64.exe

Filesize
5.5MB

MD5
630d75210b325a280c3352f879297ed5

SHA1
b330b760a8f16d5a31c2dc815627f5eb40861008

SHA256
b06546ddc8ca1e3d532f3f2593e88a6f49e81b66a9c2051d58508cc97b6a2023

SHA512
b6e107fa34764d336c9b59802c858845df9f8661a1beb41436fd638a044580557921e69883ed32737f853e203f0083358f642f3efe0a80fae7932c5e6137331f

Download Submit
\Users\Admin\AppData\Local\Temp\nsi2EF.tmp\Crypto.dll

Filesize
3KB

MD5
5fc727c579f3c3b69ce0eb7f2ec7d48a

SHA1
4686ade71a45feb36f5f5f48e78bd673f60e45b5

SHA256
b7b819dcf3aaed2774cecfa507f9baee47660b18758f7cb718bb5cb2d77947fa

SHA512
b407eb19db8967fc7eeea8d5576cbb909c89195a0ae2f2382b79ecc13f04d984ec46d014b7f8e2124c8fe6088097cdc8203e4258cdd36a38db94c7cb4a929fd0

Download Submit
\Users\Admin\AppData\Local\Temp\nsi2EF.tmp\INetC.dll

Filesize
235KB

MD5
1b64fbf67719787f56e7788a6ec93d92

SHA1
b1696fc7301f5f3b69b928f325a2e4fe1b342d34

SHA256
e761612d52de4bf6411a4c146e5523439cecf23eeacceb51dd69a26d79dd7bd2

SHA512
d1c8e48ec91adbb760699d6afed0c5df597e69bd2873f9168c7ebfa675a7428de80070a8eea13f5ca1bb5845e8056270bf073e7e674be137999cd7a567909ef9

Download Submit
\Users\Admin\AppData\Local\Temp\nsi2EF.tmp\INetC.dll

Filesize
235KB

MD5
1b64fbf67719787f56e7788a6ec93d92

SHA1
b1696fc7301f5f3b69b928f325a2e4fe1b342d34

SHA256
e761612d52de4bf6411a4c146e5523439cecf23eeacceb51dd69a26d79dd7bd2

SHA512
d1c8e48ec91adbb760699d6afed0c5df597e69bd2873f9168c7ebfa675a7428de80070a8eea13f5ca1bb5845e8056270bf073e7e674be137999cd7a567909ef9

Download Submit
\Users\Admin\AppData\Local\Temp\nsi2EF.tmp\InstallOptions.dll

Filesize
14KB

MD5
20f3184efe7edddfef3325efc25d12a5

SHA1
8db4c500d73f9525a7e9834df6caea2e70189939

SHA256
0e014352b64abc431d97460d79757cbafbf6ba997c08b608c294e1f582af269a

SHA512
433188957a4603c9c61ec698a720021aacf61f46ccc32d5a11bcb6f2d0b1f01e5680635707d8a0ec7a9ef2aa2a85d6dec07ded452e4cb9e280062c0bed555c1a

Download Submit
\Users\Admin\AppData\Local\Temp\nsi2EF.tmp\StartMenu.dll

Filesize
7KB

MD5
a09bcf528d02f89f9befa78937ca7d7b

SHA1
3cbcb0fdc32a8f21d6d557cc4c3bb6c4ee246b6f

SHA256
5a31abf36c0ed5e74295b7d7db5a2b09d8aa308483612b7b0bc04771000ac8ad

SHA512
ad4bbc478c028d4b8b890ea60a26ecae1c0dfacad872d150bfb1c334d7f52f2963123c45cef4ee0d773d9b3e143dde2c3d8da92ea9f703e44c5ee873a873b95c

Download Submit
\Users\Admin\AppData\Local\Temp\nsi2EF.tmp\System.dll

Filesize
11KB

MD5
55a26d7800446f1373056064c64c3ce8

SHA1
80256857e9a0a9c8897923b717f3435295a76002

SHA256
904fd5481d72f4e03b01a455f848dedd095d0fb17e33608e0d849f5196fb6ff8

SHA512
04b8ab7a85c26f188c0a06f524488d6f2ac2884bf107c860c82e94ae12c3859f825133d78338fd2b594dfc48f7dc9888ae76fee786c6252a5c77c88755128a5b

Download Submit
\Users\Admin\AppData\Local\Temp\nsi2EF.tmp\nsProcess.dll

Filesize
4KB

MD5
faa7f034b38e729a983965c04cc70fc1

SHA1
df8bda55b498976ea47d25d8a77539b049dab55e

SHA256
579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf

SHA512
7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf

Download Submit
\Users\Admin\AppData\Local\Temp\nsi2EF.tmp\nsisXML.dll

Filesize
12KB

MD5
9f3d5344e7ede1f41f99d8fc37fd01ad

SHA1
d0322ce3ba30a924daa1c9e322846a3d8ccda878

SHA256
77aa1a74a556f00f16baf9b94637fa997bd4085695ba81bf496223644e43e815

SHA512
2849b261b77fa2abf0d0efc7604ccce7f502d20a556eea9877cfe1cbc6d515d8fe41986943081629243b81987cddd54613ee01fc7859ae16eab57f6ca2cd4bfc

Download Submit
\Users\Admin\AppData\Local\Temp\nsi2EF.tmp\nsisunz.dll

Filesize
40KB

MD5
5f13dbc378792f23e598079fc1e4422b

SHA1
5813c05802f15930aa860b8363af2b58426c8adf

SHA256
6e87ecb7f62039fbb6e7676422d1a5e75a32b90dde6865dcb68ee658ba8df61d

SHA512
9270635a5294482f49e0292e26d45dd103b85fe27dc163d44531b095c5f9dbde6b904adaf1a888ba3c112a094380394713c796f5195b2566a20f00b42b6578e5

Download Submit
\Windows\Temp\{7C30DC5E-7F61-4147-9619-0B1443D55862}\.cr\vc_redist.x64.exe

Filesize
634KB

MD5
24323f69876bda1b9909a0d0d6b981ba

SHA1
75761d5303828e5cdeb9a3ba0bd9ebaedb56e9b0

SHA256
7b1b012d525323f4e6c2e3b53e9f55bda9d01d8761a86f03317e46d4f28ae808

SHA512
01ed192274bd3559df05adb8de057a6d26bc77376c0fbc2d7ab8a8306620e8515cfbffabd2289417f3513982bbf2b7ed68897c649f14848858690985c9b262c3

Download Submit
\Windows\Temp\{CD55762C-C65F-4741-8B8C-9C61E5940CCB}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
memory/920-1632-0x000007FEF4ED0000-0x000007FEF61C5000-memory.dmp

Filesize
19.0MB

Download
memory/920-1638-0x000007FEF4CA0000-0x000007FEF4EC9000-memory.dmp

Filesize
2.2MB

Download
memory/920-1676-0x0000000001D50000-0x0000000001D5A000-memory.dmp

Filesize
40KB

Download
memory/920-1675-0x0000000001D50000-0x0000000001D5A000-memory.dmp

Filesize
40KB

Download
memory/920-1654-0x0000000001BC0000-0x0000000001BD0000-memory.dmp

Filesize
64KB

Download
memory/920-1641-0x000007FEF6320000-0x000007FEF63B3000-memory.dmp

Filesize
588KB

Download
memory/920-1614-0x0000000001BC0000-0x0000000001BD0000-memory.dmp

Filesize
64KB

Download
memory/920-1640-0x000007FEF63C0000-0x000007FEF63EC000-memory.dmp

Filesize
176KB

Download
memory/920-1639-0x000007FEF4A90000-0x000007FEF4C94000-memory.dmp

Filesize
2.0MB

Download
memory/920-1635-0x0000000064940000-0x0000000064956000-memory.dmp

Filesize
88KB

Download
memory/920-1637-0x000007FEF6440000-0x000007FEF646C000-memory.dmp

Filesize
176KB

Download
memory/920-1636-0x000007FEF6640000-0x000007FEF6668000-memory.dmp

Filesize
160KB

Download
memory/920-1634-0x000007FEF6470000-0x000007FEF650A000-memory.dmp

Filesize
616KB

Download
memory/920-1633-0x0000000073B10000-0x0000000073D73000-memory.dmp

Filesize
2.4MB

Download
memory/920-1631-0x0000000001D50000-0x0000000001D5A000-memory.dmp

Filesize
40KB

Download
memory/920-1630-0x0000000001D50000-0x0000000001D5A000-memory.dmp

Filesize
40KB

Download
memory/1656-1617-0x000007FEF6470000-0x000007FEF650A000-memory.dmp

Filesize
616KB

Download
memory/1656-1714-0x00000000002F0000-0x00000000002F2000-memory.dmp

Filesize
8KB

Download
memory/1656-1624-0x000007FEF6320000-0x000007FEF63B3000-memory.dmp

Filesize
588KB

Download
memory/1656-1603-0x000007FEF4540000-0x000007FEF4A81000-memory.dmp

Filesize
5.3MB

Download
memory/1656-1618-0x0000000064940000-0x0000000064956000-memory.dmp

Filesize
88KB

Download
memory/1656-1620-0x000007FEF6440000-0x000007FEF646C000-memory.dmp

Filesize
176KB

Download
memory/1656-1621-0x000007FEF4CA0000-0x000007FEF4EC9000-memory.dmp

Filesize
2.2MB

Download
memory/1656-1619-0x000007FEF6640000-0x000007FEF6668000-memory.dmp

Filesize
160KB

Download
memory/1656-1622-0x000007FEF4A90000-0x000007FEF4C94000-memory.dmp

Filesize
2.0MB

Download
memory/1656-1623-0x000007FEF63C0000-0x000007FEF63EC000-memory.dmp

Filesize
176KB

Download
memory/1656-1615-0x000007FEF4ED0000-0x000007FEF61C5000-memory.dmp

Filesize
19.0MB

Download
memory/1656-1616-0x0000000073B10000-0x0000000073D73000-memory.dmp

Filesize
2.4MB

Download
memory/1656-1612-0x00000000002F0000-0x00000000002FA000-memory.dmp

Filesize
40KB

Download
memory/1656-1652-0x00000000002F0000-0x00000000002FA000-memory.dmp

Filesize
40KB

Download
memory/1656-1653-0x00000000002F0000-0x00000000002FA000-memory.dmp

Filesize
40KB

Download
memory/1656-1611-0x00000000002F0000-0x00000000002FA000-memory.dmp

Filesize
40KB

Download
memory/1656-1608-0x00000000002A0000-0x00000000002B0000-memory.dmp

Filesize
64KB

Download
memory/1656-1606-0x00000000038C0000-0x0000000003AC0000-memory.dmp

Filesize
2.0MB

Download
memory/1656-1604-0x0000000003480000-0x00000000038C0000-memory.dmp

Filesize
4.2MB

Download