Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

DroidCam.S....2.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    41s
  • max time network
    48s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/06/2023, 19:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DroidCam.Setup.6.5.2.exe

  • Size

    15.6MB

  • MD5

    d952d907646a522caf6ec5d00d114ce1

  • SHA1

    75ad9bacb60ded431058a50a220e22a35e3d03f7

  • SHA256

    f92ad1e92780a039397fd62d04affe97f1a65d04e7a41c9b5da6dd3fd265967e

  • SHA512

    3bfaee91d161de09c66ef7a85ad402f180624293cdc13d048edbeec5a3c4ad2bc84d5fde92383feb9b9f2d83e40a3e9ff27e81a32e605513611b6001f284b9fe

  • SSDEEP

    393216:oZsfK4YUD12zS7SEOegn4j7BgNE9O+wcDGFdClu8ZLzzpC4:gsfKPUD1kS7249O3cDGvClnlC4

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Drops file in Drivers directory 5 IoCs
  • Drops file in System32 directory 32 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 33 IoCs
  • Drops file in Windows directory 12 IoCs
  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 13 IoCs
  • Registers COM server for autorun 1 TTPs 21 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 16 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DroidCam.Setup.6.5.2.exe
    "C:\Users\Admin\AppData\Local\Temp\DroidCam.Setup.6.5.2.exe"
    1⤵
    • Drops file in Program Files directory
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2612
    • C:\Program Files (x86)\DroidCam\vc_redist.x86.exe
      "C:\Program Files (x86)\DroidCam\vc_redist.x86.exe" /install /quiet
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:5100
      • C:\Program Files (x86)\DroidCam\vc_redist.x86.exe
        "C:\Program Files (x86)\DroidCam\vc_redist.x86.exe" /install /quiet -burn.unelevated BurnPipe.{91412F48-189C-4238-86CF-42AD38A45F5A} {284F3DDE-7D4A-4415-A37B-C01A911F431F} 5100
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:760
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c install.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4040
      • C:\Windows\SysWOW64\regsvr32.exe
        regsvr32 /s "DroidCamFilter32.ax"
        3⤵
        • Loads dropped DLL
        • Modifies registry class
        PID:856
      • C:\Windows\SysWOW64\regsvr32.exe
        regsvr32 /s "DroidCamFilter64.ax"
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:912
        • C:\Windows\system32\regsvr32.exe
          /s "DroidCamFilter64.ax"
          4⤵
          • Loads dropped DLL
          • Registers COM server for autorun
          • Modifies registry class
          PID:1804
    • C:\Program Files (x86)\DroidCam\lib\insdrv.exe
      "C:\Program Files (x86)\DroidCam\lib\insdrv.exe" +v
      2⤵
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      PID:3852
    • C:\Program Files (x86)\DroidCam\lib\insdrv.exe
      "C:\Program Files (x86)\DroidCam\lib\insdrv.exe" +a
      2⤵
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      PID:4924
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
    1⤵
    • Drops file in Windows directory
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2248
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{1e835c35-7cc9-df47-9f78-24287d8358ad}\droidcamvideo.inf" "9" "41e7d49db" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "c:\program files (x86)\droidcam\lib"
      2⤵
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Modifies data under HKEY_USERS
      PID:5064
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:c14ce8845b5e8bf3:DroidCamVideo.Device:21.4.1.0:droidcamvideo," "41e7d49db" "0000000000000148"
      2⤵
      • Drops file in Windows directory
      • Registers COM server for autorun
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:1056
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{749658b9-4254-5142-aab5-038de71494e4}\droidcam.inf" "9" "4e67c8bbf" "0000000000000160" "WinSta0\Default" "0000000000000174" "208" "c:\program files (x86)\droidcam\lib"
      2⤵
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Modifies data under HKEY_USERS
      PID:2224
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "2" "211" "ROOT\MEDIA\0001" "C:\Windows\INF\oem4.inf" "oem4.inf:ed86ca11f01d07d6:DroidCam_PCMEX:1.0.0.0:droidcam," "4e67c8bbf" "0000000000000160"
      2⤵
      • Drops file in Drivers directory
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      PID:316
  • C:\Program Files (x86)\DroidCam\DroidCamApp.exe
    "C:\Program Files (x86)\DroidCam\DroidCamApp.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3800

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\DroidCam\DroidCamApp.exe
    Filesize

    942KB

    MD5

    f8c12fc1b20887fdb70c7f02f0d7bfb3

    SHA1

    28d18fd281e17c919f81eda3a2f0d8765f57049f

    SHA256

    082f5c3fd2fd80505cbd4dbdbb7c50e83c2e81f033a04ea53832dbf0a3fc4933

    SHA512

    97c5d158abb119e076ace4b1398de19029b5d44566d9a293811bf7edbb0db120354cc396aed72bf62766799dc5db266d4b2ee7aee3ffc2818d8be77a4665ad2f

    Download Submit

  • C:\Program Files (x86)\DroidCam\DroidCamApp.exe
    Filesize

    942KB

    MD5

    f8c12fc1b20887fdb70c7f02f0d7bfb3

    SHA1

    28d18fd281e17c919f81eda3a2f0d8765f57049f

    SHA256

    082f5c3fd2fd80505cbd4dbdbb7c50e83c2e81f033a04ea53832dbf0a3fc4933

    SHA512

    97c5d158abb119e076ace4b1398de19029b5d44566d9a293811bf7edbb0db120354cc396aed72bf62766799dc5db266d4b2ee7aee3ffc2818d8be77a4665ad2f

    Download Submit

  • C:\Program Files (x86)\DroidCam\DroidCamApp.exe
    Filesize

    942KB

    MD5

    f8c12fc1b20887fdb70c7f02f0d7bfb3

    SHA1

    28d18fd281e17c919f81eda3a2f0d8765f57049f

    SHA256

    082f5c3fd2fd80505cbd4dbdbb7c50e83c2e81f033a04ea53832dbf0a3fc4933

    SHA512

    97c5d158abb119e076ace4b1398de19029b5d44566d9a293811bf7edbb0db120354cc396aed72bf62766799dc5db266d4b2ee7aee3ffc2818d8be77a4665ad2f

    Download Submit

  • C:\Program Files (x86)\DroidCam\avcodec-58.dll
    Filesize

    1.9MB

    MD5

    5faf0e59bf7ab03adde5f146cc08a777

    SHA1

    edbdf307186c45d90bee94ca468642f248737635

    SHA256

    03ff2145b20ed54e35830545a830a6aefe7804c775e4ff1cfda6fe91ab6e052b

    SHA512

    e2842fe5f4119d0e5e5da881167b1ccc9891a033873619ad2f9ca28a0a150cf8307f7297fb0f70ba1ba5dc44ea5da712cdc5320dff906f81193e809bee9799d4

    Download Submit

  • C:\Program Files (x86)\DroidCam\avcodec-58.dll
    Filesize

    1.9MB

    MD5

    5faf0e59bf7ab03adde5f146cc08a777

    SHA1

    edbdf307186c45d90bee94ca468642f248737635

    SHA256

    03ff2145b20ed54e35830545a830a6aefe7804c775e4ff1cfda6fe91ab6e052b

    SHA512

    e2842fe5f4119d0e5e5da881167b1ccc9891a033873619ad2f9ca28a0a150cf8307f7297fb0f70ba1ba5dc44ea5da712cdc5320dff906f81193e809bee9799d4

    Download Submit

  • C:\Program Files (x86)\DroidCam\avutil-56.dll
    Filesize

    812KB

    MD5

    f1493a182787b87e272745d7cf8d13d2

    SHA1

    aa71e51fb0c157780ec85b8121941b2e1e884a23

    SHA256

    620a6ce8a2101a9472e54ebf219aa0fb8260f99248922ca3ac057f21cc9ceb0d

    SHA512

    f95254d4e32b3ae7af963dc9a83612ce9f3dbd78c6db549e74a236da68966d2ebfaceedd102f9af7cf800f5de438d6522369c2da3b8495a820c22c3ea6c1d2d1

    Download Submit

  • C:\Program Files (x86)\DroidCam\avutil-56.dll
    Filesize

    812KB

    MD5

    f1493a182787b87e272745d7cf8d13d2

    SHA1

    aa71e51fb0c157780ec85b8121941b2e1e884a23

    SHA256

    620a6ce8a2101a9472e54ebf219aa0fb8260f99248922ca3ac057f21cc9ceb0d

    SHA512

    f95254d4e32b3ae7af963dc9a83612ce9f3dbd78c6db549e74a236da68966d2ebfaceedd102f9af7cf800f5de438d6522369c2da3b8495a820c22c3ea6c1d2d1

    Download Submit

  • C:\Program Files (x86)\DroidCam\lib\DroidCamFilter32.ax
    Filesize

    84KB

    MD5

    efe71ae8a02ca59a0855cd649f5e58b8

    SHA1

    0a5ba3257ad82f71890c0fa55a5f7405d0b6b4ac

    SHA256

    ffb22ab7b98ecc98c22cf675bfab61c875127137277e1f66bc3d7269c3b42652

    SHA512

    bad93c560355019f739158d2a25e7643a08cdcb000b378099aa2431ba4d023aa72741e674912d738b0ac6d21e44417f5406eee67f16035f6a783a5226b0d65a4

    Download Submit

  • C:\Program Files (x86)\DroidCam\lib\DroidCamFilter32.ax
    Filesize

    84KB

    MD5

    efe71ae8a02ca59a0855cd649f5e58b8

    SHA1

    0a5ba3257ad82f71890c0fa55a5f7405d0b6b4ac

    SHA256

    ffb22ab7b98ecc98c22cf675bfab61c875127137277e1f66bc3d7269c3b42652

    SHA512

    bad93c560355019f739158d2a25e7643a08cdcb000b378099aa2431ba4d023aa72741e674912d738b0ac6d21e44417f5406eee67f16035f6a783a5226b0d65a4

    Download Submit

  • C:\Program Files (x86)\DroidCam\lib\DroidCamFilter64.ax
    Filesize

    157KB

    MD5

    78022c387da1e93dc0442b656837953e

    SHA1

    e2adf94ec9854e7e57ec0c885a67aa2b9444b233

    SHA256

    c85b89c5d77a8b41b1a8213783f3ebfcc2fbed959149c5e5ed0f48204d9c4d09

    SHA512

    1673125e743874f2ff155a0ea2aaeb31b1aac013a8db2995752f0fbcd6794d41a8f75a7acfeeec6e91e4954423304f9c5d876638a528845054496100e700a539

    Download Submit

  • C:\Program Files (x86)\DroidCam\lib\DroidCamFilter64.ax
    Filesize

    157KB

    MD5

    78022c387da1e93dc0442b656837953e

    SHA1

    e2adf94ec9854e7e57ec0c885a67aa2b9444b233

    SHA256

    c85b89c5d77a8b41b1a8213783f3ebfcc2fbed959149c5e5ed0f48204d9c4d09

    SHA512

    1673125e743874f2ff155a0ea2aaeb31b1aac013a8db2995752f0fbcd6794d41a8f75a7acfeeec6e91e4954423304f9c5d876638a528845054496100e700a539

    Download Submit

  • C:\Program Files (x86)\DroidCam\lib\DroidCamFilter64.ax
    Filesize

    157KB

    MD5

    78022c387da1e93dc0442b656837953e

    SHA1

    e2adf94ec9854e7e57ec0c885a67aa2b9444b233

    SHA256

    c85b89c5d77a8b41b1a8213783f3ebfcc2fbed959149c5e5ed0f48204d9c4d09

    SHA512

    1673125e743874f2ff155a0ea2aaeb31b1aac013a8db2995752f0fbcd6794d41a8f75a7acfeeec6e91e4954423304f9c5d876638a528845054496100e700a539

    Download Submit

  • C:\Program Files (x86)\DroidCam\lib\insdrv.exe
    Filesize

    13KB

    MD5

    fdabbeb1ee62a56fb695ca6e8ad3d4a1

    SHA1

    2c8851470a122da74de43de371c94c39befa0696

    SHA256

    d18438bf03d25002e5aa161669a7cb01d0b2c83d2fa5dc2f9217c3b656eb6b9f

    SHA512

    97e42153bd5ce9bffdf166630dd677bc1e4945d24cb732dcaa616563b892046d4b9a70d556a9bf907947a8bfcf1c28edbd2dac11bfa4bf40a14db3399e6420d9

    Download Submit

  • C:\Program Files (x86)\DroidCam\lib\insdrv.exe
    Filesize

    13KB

    MD5

    fdabbeb1ee62a56fb695ca6e8ad3d4a1

    SHA1

    2c8851470a122da74de43de371c94c39befa0696

    SHA256

    d18438bf03d25002e5aa161669a7cb01d0b2c83d2fa5dc2f9217c3b656eb6b9f

    SHA512

    97e42153bd5ce9bffdf166630dd677bc1e4945d24cb732dcaa616563b892046d4b9a70d556a9bf907947a8bfcf1c28edbd2dac11bfa4bf40a14db3399e6420d9

    Download Submit

  • C:\Program Files (x86)\DroidCam\lib\insdrv.exe
    Filesize

    13KB

    MD5

    fdabbeb1ee62a56fb695ca6e8ad3d4a1

    SHA1

    2c8851470a122da74de43de371c94c39befa0696

    SHA256

    d18438bf03d25002e5aa161669a7cb01d0b2c83d2fa5dc2f9217c3b656eb6b9f

    SHA512

    97e42153bd5ce9bffdf166630dd677bc1e4945d24cb732dcaa616563b892046d4b9a70d556a9bf907947a8bfcf1c28edbd2dac11bfa4bf40a14db3399e6420d9

    Download Submit

  • C:\Program Files (x86)\DroidCam\lib\install.bat
    Filesize

    254B

    MD5

    cfaaa32cc4fd40e36512f768bd75a0e1

    SHA1

    6ed1063ab547f65aace2fd98713df6d29834c19a

    SHA256

    d7b86a37b02fed2794904cb28c0fa64a1e0d2218fab608250c8531c1b9ddc439

    SHA512

    d2fe74d8e10b6378c48b72c9e22515a31592859d1f725bc86d9e48fcce9f7421e7afe477feb1c2041ff46b2620ad4244c887c670dc25e8acd70029e2166a0a93

    Download Submit

  • C:\Program Files (x86)\DroidCam\libwinpthread-1.dll
    Filesize

    77KB

    MD5

    f154be41738cfcc36f571602666ea751

    SHA1

    22aefe1948b666232e3aae0c80731a0721be0c93

    SHA256

    66a2686d2fcdd3f3bfcf39a219519dbe597a8c5f94b4426da5d0e01f3a2d42cd

    SHA512

    2d6cbd710a290cb9d413798455c450fe985dbc50eabb4405f3588f3cd8a49f4d49bdf2553b3ff7e809814eaadae9d26caf16f50525609a2dd3fd44d32ebec8b9

    Download Submit

  • C:\Program Files (x86)\DroidCam\libwinpthread-1.dll
    Filesize

    77KB

    MD5

    f154be41738cfcc36f571602666ea751

    SHA1

    22aefe1948b666232e3aae0c80731a0721be0c93

    SHA256

    66a2686d2fcdd3f3bfcf39a219519dbe597a8c5f94b4426da5d0e01f3a2d42cd

    SHA512

    2d6cbd710a290cb9d413798455c450fe985dbc50eabb4405f3588f3cd8a49f4d49bdf2553b3ff7e809814eaadae9d26caf16f50525609a2dd3fd44d32ebec8b9

    Download Submit

  • C:\Program Files (x86)\DroidCam\swscale-5.dll
    Filesize

    636KB

    MD5

    050f6892cb1f9c76d482b967e891615f

    SHA1

    e37f60aefa9caff1772c7750ce97e23a79380c89

    SHA256

    c345bb33691f6a483b9da275c38a67974c8648f9e65800abb3057510dc7e81b7

    SHA512

    678ddc355bc0f0f9d17aab9c054d727cbf7db414e2744f6715e6aad715cd944bea04005ab4e0e2571e95b9aa9149e92edcd83bf5feaecc5457d765513619d0ac

    Download Submit

  • C:\Program Files (x86)\DroidCam\swscale-5.dll
    Filesize

    636KB

    MD5

    050f6892cb1f9c76d482b967e891615f

    SHA1

    e37f60aefa9caff1772c7750ce97e23a79380c89

    SHA256

    c345bb33691f6a483b9da275c38a67974c8648f9e65800abb3057510dc7e81b7

    SHA512

    678ddc355bc0f0f9d17aab9c054d727cbf7db414e2744f6715e6aad715cd944bea04005ab4e0e2571e95b9aa9149e92edcd83bf5feaecc5457d765513619d0ac

    Download Submit

  • C:\Program Files (x86)\DroidCam\vc_redist.x86.exe
    Filesize

    13.1MB

    MD5

    1a15e6606bac9647e7ad3caa543377cf

    SHA1

    bfb74e498c44d3a103ca3aa2831763fb417134d1

    SHA256

    fdd1e1f0dcae2d0aa0720895eff33b927d13076e64464bb7c7e5843b7667cd14

    SHA512

    e8cb67fc8e0312da3cc98364b96dfa1a63150ab9de60069c4af60c1cf77d440b7dffe630b4784ba07ea9bf146bdbf6ad5282a900ffd6ab7d86433456a752b2fd

    Download Submit

  • C:\Program Files (x86)\DroidCam\vc_redist.x86.exe
    Filesize

    13.1MB

    MD5

    1a15e6606bac9647e7ad3caa543377cf

    SHA1

    bfb74e498c44d3a103ca3aa2831763fb417134d1

    SHA256

    fdd1e1f0dcae2d0aa0720895eff33b927d13076e64464bb7c7e5843b7667cd14

    SHA512

    e8cb67fc8e0312da3cc98364b96dfa1a63150ab9de60069c4af60c1cf77d440b7dffe630b4784ba07ea9bf146bdbf6ad5282a900ffd6ab7d86433456a752b2fd

    Download Submit

  • C:\Program Files (x86)\DroidCam\vc_redist.x86.exe
    Filesize

    13.1MB

    MD5

    1a15e6606bac9647e7ad3caa543377cf

    SHA1

    bfb74e498c44d3a103ca3aa2831763fb417134d1

    SHA256

    fdd1e1f0dcae2d0aa0720895eff33b927d13076e64464bb7c7e5843b7667cd14

    SHA512

    e8cb67fc8e0312da3cc98364b96dfa1a63150ab9de60069c4af60c1cf77d440b7dffe630b4784ba07ea9bf146bdbf6ad5282a900ffd6ab7d86433456a752b2fd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsf6E60.tmp\System.dll
    Filesize

    11KB

    MD5

    c9473cb90d79a374b2ba6040ca16e45c

    SHA1

    ab95b54f12796dce57210d65f05124a6ed81234a

    SHA256

    b80a5cba69d1853ed5979b0ca0352437bf368a5cfb86cb4528edadd410e11352

    SHA512

    eafe7d5894622bc21f663bca4dd594392ee0f5b29270b6b56b0187093d6a3a103545464ff6398ad32d2cf15dab79b1f133218ba9ba337ddc01330b5ada804d7b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsf6E60.tmp\modern-wizard.bmp
    Filesize

    25KB

    MD5

    cbe40fd2b1ec96daedc65da172d90022

    SHA1

    366c216220aa4329dff6c485fd0e9b0f4f0a7944

    SHA256

    3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

    SHA512

    62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsf6E60.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    12465ce89d3853918ed3476d70223226

    SHA1

    4c9f4b8b77a254c2aeace08c78c1cffbb791640d

    SHA256

    5157fe688cca27d348171bd5a8b117de348c0844ca5cb82bc68cbd7d873a3fdc

    SHA512

    20495270bcd0cae3102ffae0a3e783fad5f0218a5e844c767b07a10d2cfab2fab0afb5e07befa531ba466393a3d6255741f89c6def21ec2887234f49adceea2f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsf6E60.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    12465ce89d3853918ed3476d70223226

    SHA1

    4c9f4b8b77a254c2aeace08c78c1cffbb791640d

    SHA256

    5157fe688cca27d348171bd5a8b117de348c0844ca5cb82bc68cbd7d873a3fdc

    SHA512

    20495270bcd0cae3102ffae0a3e783fad5f0218a5e844c767b07a10d2cfab2fab0afb5e07befa531ba466393a3d6255741f89c6def21ec2887234f49adceea2f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsf6E60.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    12465ce89d3853918ed3476d70223226

    SHA1

    4c9f4b8b77a254c2aeace08c78c1cffbb791640d

    SHA256

    5157fe688cca27d348171bd5a8b117de348c0844ca5cb82bc68cbd7d873a3fdc

    SHA512

    20495270bcd0cae3102ffae0a3e783fad5f0218a5e844c767b07a10d2cfab2fab0afb5e07befa531ba466393a3d6255741f89c6def21ec2887234f49adceea2f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsf6E60.tmp\nsExec.dll
    Filesize

    6KB

    MD5

    0a6f707fa22c3f3e5d1abb54b0894ad6

    SHA1

    610cb2c3623199d0d7461fc775297e23cef88c4e

    SHA256

    370e47364561fa501b1300b056fb53fae12b1639fdf5f113275bee03546081c0

    SHA512

    af0c8ca0c892f1b757fbd700061f3d81417dff11d89bdff45e977de81ad51c97862406cf7e230e76cf99497f93f57bf09609740953cd81b0d795465ac2623ea8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsf6E60.tmp\nsExec.dll
    Filesize

    6KB

    MD5

    0a6f707fa22c3f3e5d1abb54b0894ad6

    SHA1

    610cb2c3623199d0d7461fc775297e23cef88c4e

    SHA256

    370e47364561fa501b1300b056fb53fae12b1639fdf5f113275bee03546081c0

    SHA512

    af0c8ca0c892f1b757fbd700061f3d81417dff11d89bdff45e977de81ad51c97862406cf7e230e76cf99497f93f57bf09609740953cd81b0d795465ac2623ea8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsf6E60.tmp\nsExec.dll
    Filesize

    6KB

    MD5

    0a6f707fa22c3f3e5d1abb54b0894ad6

    SHA1

    610cb2c3623199d0d7461fc775297e23cef88c4e

    SHA256

    370e47364561fa501b1300b056fb53fae12b1639fdf5f113275bee03546081c0

    SHA512

    af0c8ca0c892f1b757fbd700061f3d81417dff11d89bdff45e977de81ad51c97862406cf7e230e76cf99497f93f57bf09609740953cd81b0d795465ac2623ea8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{1E835~1\droidcamvideo.cat
    Filesize

    10KB

    MD5

    0b88937e24a1df7009e0a994e3d6bc28

    SHA1

    adce740fad5a96274ae8ff89c449fbca9def58fa

    SHA256

    84a8687365e531d0e434464bde88ef458f1b04330b2086ab1256dc2094b33d34

    SHA512

    bca2b7a02b075a326889062ad282fd943c7b10c615410dcd334733bac39e3874c58ec82d3ea806784a986108e9e61ac0a0c0925107f7939ba90d1841fb5a3951

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{1E835~1\droidcamvideo.sys
    Filesize

    32KB

    MD5

    914ddc54a23529414e080eee9e71a66e

    SHA1

    64534aef53e4a57a57e5c886f28793da0b5dd578

    SHA256

    381fbd51b799ba14e479b26c868fbe1a210e4d11285caf300873055f050c9b4f

    SHA512

    80f8489cee294f57ff3662e5f0a4b71afda57a151291c2fb323b4a2df1dbd737497f9558aeab8d4734631d54fe2c309f161778949ff8f1471dc53ffc305e9f73

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{1e835c35-7cc9-df47-9f78-24287d8358ad}\droidcamvideo.inf
    Filesize

    3KB

    MD5

    95ce068c79c0f74c78b7e5b09c4072f0

    SHA1

    380212c9adb530c4559685bf22266663b4f63f81

    SHA256

    ba8ae153b8980e50320b4cbe790297aba97c1392068911cf2ec051a42dc4afa5

    SHA512

    16cef98cb513d3f978efdaa3c90ab3147bb998c1b12af55b428e2e54411203b3175ead3fbce15ef2933d1ee48e6a8d79d7473356bef353453b75992f10b3d5b6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{749658b9-4254-5142-aab5-038de71494e4}\droidcam.inf
    Filesize

    2KB

    MD5

    403d6b8ac68c827580c347449afd1e94

    SHA1

    9f8303cb71b7b032bf7ff4377c067780d6cf30c1

    SHA256

    025334d19394c41c24211ed36635fdd9f027fc23b654a4c00fabb8ffca568171

    SHA512

    7c67eb1e680ab0924de20bef851ff05490e2a040ff0f0ff420d3181072d527ddcef030e1692aff686afe6868d407516b48257ed1a04c8dc94ffcd5bed7d2c618

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{74965~1\droidcam.cat
    Filesize

    10KB

    MD5

    ebbba34b954e31cbecf731232acfd5a0

    SHA1

    a3fa17a0640f59705068e23b7f028f4f621f70d6

    SHA256

    221487d538e1fda1cb54ce70ddea09f8a519e7112ef17b8bd504f483d9aa3952

    SHA512

    ea24a593b3b16c1305a4ab73c5db8bc03d078c16e3072bbb2fb37eab8154aea70a266cfc4ea478bc1bf5b7566dd3cc2f7d7e85b46b7864981bcbf2e7d87f984e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{74965~1\droidcam.sys
    Filesize

    31KB

    MD5

    698755c4e814626f067b338a4cbc3cef

    SHA1

    2a2525417de84804c1487710d014d420322c4b8d

    SHA256

    4faf45a52c2fe736b7656d306ad2a6bc1876c12fdbb20663e2f866f0d914bde3

    SHA512

    1e106a77ae01fc3a64eeaf4194f07c673dcd083627679709084f7ad1259f50977c155e32630c502fa8b7fa9ac4ddf544433614df5597105c8ea07ee4644b5db6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\logo.png
    Filesize

    1KB

    MD5

    d6bd210f227442b3362493d046cea233

    SHA1

    ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

    SHA256

    335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

    SHA512

    464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\wixstdba.dll
    Filesize

    118KB

    MD5

    4d20a950a3571d11236482754b4a8e76

    SHA1

    e68bd784ac143e206d52ecaf54a7e3b8d4d75c9c

    SHA256

    a9295ad4e909f979e2b6cb2b2495c3d35c8517e689cd64a918c690e17b49078b

    SHA512

    8b9243d1f9edbcbd6bdaf6874dc69c806bb29e909bd733781fde8ac80ca3fff574d786ca903871d1e856e73fd58403bebb58c9f23083ea7cd749ba3e890af3d2

    Download Submit

  • C:\Windows\INF\c_media.PNF
    Filesize

    12KB

    MD5

    d6f787534eea52824abfef940379b071

    SHA1

    b200fb5e314de41c743ac84fc973584dee668946

    SHA256

    feedfdacbcff878dd0f877736f880b045941e25cd3c4013357d4e2a293a1e7d8

    SHA512

    7ba2d3f0858a5aea61486ba8eb96fed621384258b5055e97a314d9cde71081545d881059d9bcd5bce4f5cb2d7cc341090d2cc419cac44302708b8bef17e4beca

    Download Submit

  • C:\Windows\INF\oem3.inf
    Filesize

    3KB

    MD5

    95ce068c79c0f74c78b7e5b09c4072f0

    SHA1

    380212c9adb530c4559685bf22266663b4f63f81

    SHA256

    ba8ae153b8980e50320b4cbe790297aba97c1392068911cf2ec051a42dc4afa5

    SHA512

    16cef98cb513d3f978efdaa3c90ab3147bb998c1b12af55b428e2e54411203b3175ead3fbce15ef2933d1ee48e6a8d79d7473356bef353453b75992f10b3d5b6

    Download Submit

  • C:\Windows\INF\oem4.inf
    Filesize

    2KB

    MD5

    403d6b8ac68c827580c347449afd1e94

    SHA1

    9f8303cb71b7b032bf7ff4377c067780d6cf30c1

    SHA256

    025334d19394c41c24211ed36635fdd9f027fc23b654a4c00fabb8ffca568171

    SHA512

    7c67eb1e680ab0924de20bef851ff05490e2a040ff0f0ff420d3181072d527ddcef030e1692aff686afe6868d407516b48257ed1a04c8dc94ffcd5bed7d2c618

    Download Submit

  • C:\Windows\System32\CatRoot2\dberr.txt
    Filesize

    146KB

    MD5

    1372bc87e266fea5dd0c4965f78fbb46

    SHA1

    5698bae2b694d2ac425e71b20d4bc1c9606b9213

    SHA256

    6471cd6ae199f3b4820b86b97f857b1d21f0b0b01d43f48c990a2c4642441f04

    SHA512

    9e5d6510a5f25c9d8a8604dfe3c1326720fdf8406d528a70f2e8e66e5a6fefd0196818685f94f441b1c20977f98e5412bcbc61192728d22e74930339c92a20ba

    Download Submit

  • C:\Windows\System32\DriverStore\FileRepository\DROIDC~2.INF\droidcam.sys
    Filesize

    31KB

    MD5

    698755c4e814626f067b338a4cbc3cef

    SHA1

    2a2525417de84804c1487710d014d420322c4b8d

    SHA256

    4faf45a52c2fe736b7656d306ad2a6bc1876c12fdbb20663e2f866f0d914bde3

    SHA512

    1e106a77ae01fc3a64eeaf4194f07c673dcd083627679709084f7ad1259f50977c155e32630c502fa8b7fa9ac4ddf544433614df5597105c8ea07ee4644b5db6

    Download Submit

  • C:\Windows\System32\DriverStore\FileRepository\droidcam.inf_amd64_c14a386568f95d09\droidcam.inf
    Filesize

    2KB

    MD5

    403d6b8ac68c827580c347449afd1e94

    SHA1

    9f8303cb71b7b032bf7ff4377c067780d6cf30c1

    SHA256

    025334d19394c41c24211ed36635fdd9f027fc23b654a4c00fabb8ffca568171

    SHA512

    7c67eb1e680ab0924de20bef851ff05490e2a040ff0f0ff420d3181072d527ddcef030e1692aff686afe6868d407516b48257ed1a04c8dc94ffcd5bed7d2c618

    Download Submit

  • C:\Windows\System32\DriverStore\FileRepository\droidcamvideo.inf_amd64_47e18363cbf3dfe0\droidcamvideo.inf
    Filesize

    3KB

    MD5

    95ce068c79c0f74c78b7e5b09c4072f0

    SHA1

    380212c9adb530c4559685bf22266663b4f63f81

    SHA256

    ba8ae153b8980e50320b4cbe790297aba97c1392068911cf2ec051a42dc4afa5

    SHA512

    16cef98cb513d3f978efdaa3c90ab3147bb998c1b12af55b428e2e54411203b3175ead3fbce15ef2933d1ee48e6a8d79d7473356bef353453b75992f10b3d5b6

    Download Submit

  • C:\Windows\System32\DriverStore\Temp\{024e7b72-92bb-8540-ab02-aac5e5088a1e}\SETAEA4.tmp
    Filesize

    10KB

    MD5

    0b88937e24a1df7009e0a994e3d6bc28

    SHA1

    adce740fad5a96274ae8ff89c449fbca9def58fa

    SHA256

    84a8687365e531d0e434464bde88ef458f1b04330b2086ab1256dc2094b33d34

    SHA512

    bca2b7a02b075a326889062ad282fd943c7b10c615410dcd334733bac39e3874c58ec82d3ea806784a986108e9e61ac0a0c0925107f7939ba90d1841fb5a3951

    Download Submit

  • C:\Windows\System32\DriverStore\Temp\{024e7b72-92bb-8540-ab02-aac5e5088a1e}\SETAEB4.tmp
    Filesize

    3KB

    MD5

    95ce068c79c0f74c78b7e5b09c4072f0

    SHA1

    380212c9adb530c4559685bf22266663b4f63f81

    SHA256

    ba8ae153b8980e50320b4cbe790297aba97c1392068911cf2ec051a42dc4afa5

    SHA512

    16cef98cb513d3f978efdaa3c90ab3147bb998c1b12af55b428e2e54411203b3175ead3fbce15ef2933d1ee48e6a8d79d7473356bef353453b75992f10b3d5b6

    Download Submit

  • C:\Windows\System32\DriverStore\Temp\{024e7b72-92bb-8540-ab02-aac5e5088a1e}\SETAEC5.tmp
    Filesize

    32KB

    MD5

    914ddc54a23529414e080eee9e71a66e

    SHA1

    64534aef53e4a57a57e5c886f28793da0b5dd578

    SHA256

    381fbd51b799ba14e479b26c868fbe1a210e4d11285caf300873055f050c9b4f

    SHA512

    80f8489cee294f57ff3662e5f0a4b71afda57a151291c2fb323b4a2df1dbd737497f9558aeab8d4734631d54fe2c309f161778949ff8f1471dc53ffc305e9f73

    Download Submit

  • C:\Windows\System32\DriverStore\Temp\{544cc1b5-ac9b-a64e-afc7-dd191c1db036}\SETB6E1.tmp
    Filesize

    10KB

    MD5

    ebbba34b954e31cbecf731232acfd5a0

    SHA1

    a3fa17a0640f59705068e23b7f028f4f621f70d6

    SHA256

    221487d538e1fda1cb54ce70ddea09f8a519e7112ef17b8bd504f483d9aa3952

    SHA512

    ea24a593b3b16c1305a4ab73c5db8bc03d078c16e3072bbb2fb37eab8154aea70a266cfc4ea478bc1bf5b7566dd3cc2f7d7e85b46b7864981bcbf2e7d87f984e

    Download Submit

  • C:\Windows\System32\DriverStore\Temp\{544cc1b5-ac9b-a64e-afc7-dd191c1db036}\SETB6F2.tmp
    Filesize

    2KB

    MD5

    403d6b8ac68c827580c347449afd1e94

    SHA1

    9f8303cb71b7b032bf7ff4377c067780d6cf30c1

    SHA256

    025334d19394c41c24211ed36635fdd9f027fc23b654a4c00fabb8ffca568171

    SHA512

    7c67eb1e680ab0924de20bef851ff05490e2a040ff0f0ff420d3181072d527ddcef030e1692aff686afe6868d407516b48257ed1a04c8dc94ffcd5bed7d2c618

    Download Submit

  • C:\Windows\System32\DriverStore\Temp\{544cc1b5-ac9b-a64e-afc7-dd191c1db036}\SETB702.tmp
    Filesize

    31KB

    MD5

    698755c4e814626f067b338a4cbc3cef

    SHA1

    2a2525417de84804c1487710d014d420322c4b8d

    SHA256

    4faf45a52c2fe736b7656d306ad2a6bc1876c12fdbb20663e2f866f0d914bde3

    SHA512

    1e106a77ae01fc3a64eeaf4194f07c673dcd083627679709084f7ad1259f50977c155e32630c502fa8b7fa9ac4ddf544433614df5597105c8ea07ee4644b5db6

    Download Submit

  • \??\c:\PROGRA~2\droidcam\lib\DROIDC~1.SYS
    Filesize

    32KB

    MD5

    914ddc54a23529414e080eee9e71a66e

    SHA1

    64534aef53e4a57a57e5c886f28793da0b5dd578

    SHA256

    381fbd51b799ba14e479b26c868fbe1a210e4d11285caf300873055f050c9b4f

    SHA512

    80f8489cee294f57ff3662e5f0a4b71afda57a151291c2fb323b4a2df1dbd737497f9558aeab8d4734631d54fe2c309f161778949ff8f1471dc53ffc305e9f73

    Download Submit

  • \??\c:\PROGRA~2\droidcam\lib\droidcam.sys
    Filesize

    31KB

    MD5

    698755c4e814626f067b338a4cbc3cef

    SHA1

    2a2525417de84804c1487710d014d420322c4b8d

    SHA256

    4faf45a52c2fe736b7656d306ad2a6bc1876c12fdbb20663e2f866f0d914bde3

    SHA512

    1e106a77ae01fc3a64eeaf4194f07c673dcd083627679709084f7ad1259f50977c155e32630c502fa8b7fa9ac4ddf544433614df5597105c8ea07ee4644b5db6

    Download Submit

  • \??\c:\program files (x86)\droidcam\lib\droidcam.cat
    Filesize

    10KB

    MD5

    ebbba34b954e31cbecf731232acfd5a0

    SHA1

    a3fa17a0640f59705068e23b7f028f4f621f70d6

    SHA256

    221487d538e1fda1cb54ce70ddea09f8a519e7112ef17b8bd504f483d9aa3952

    SHA512

    ea24a593b3b16c1305a4ab73c5db8bc03d078c16e3072bbb2fb37eab8154aea70a266cfc4ea478bc1bf5b7566dd3cc2f7d7e85b46b7864981bcbf2e7d87f984e

    Download Submit

  • \??\c:\program files (x86)\droidcam\lib\droidcam.inf
    Filesize

    2KB

    MD5

    403d6b8ac68c827580c347449afd1e94

    SHA1

    9f8303cb71b7b032bf7ff4377c067780d6cf30c1

    SHA256

    025334d19394c41c24211ed36635fdd9f027fc23b654a4c00fabb8ffca568171

    SHA512

    7c67eb1e680ab0924de20bef851ff05490e2a040ff0f0ff420d3181072d527ddcef030e1692aff686afe6868d407516b48257ed1a04c8dc94ffcd5bed7d2c618

    Download Submit

  • \??\c:\program files (x86)\droidcam\lib\droidcamvideo.cat
    Filesize

    10KB

    MD5

    0b88937e24a1df7009e0a994e3d6bc28

    SHA1

    adce740fad5a96274ae8ff89c449fbca9def58fa

    SHA256

    84a8687365e531d0e434464bde88ef458f1b04330b2086ab1256dc2094b33d34

    SHA512

    bca2b7a02b075a326889062ad282fd943c7b10c615410dcd334733bac39e3874c58ec82d3ea806784a986108e9e61ac0a0c0925107f7939ba90d1841fb5a3951

    Download Submit

  • \??\c:\program files (x86)\droidcam\lib\droidcamvideo.inf
    Filesize

    3KB

    MD5

    95ce068c79c0f74c78b7e5b09c4072f0

    SHA1

    380212c9adb530c4559685bf22266663b4f63f81

    SHA256

    ba8ae153b8980e50320b4cbe790297aba97c1392068911cf2ec051a42dc4afa5

    SHA512

    16cef98cb513d3f978efdaa3c90ab3147bb998c1b12af55b428e2e54411203b3175ead3fbce15ef2933d1ee48e6a8d79d7473356bef353453b75992f10b3d5b6

    Download Submit

  • memory/3800-445-0x0000000073810000-0x00000000739DC000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3800-448-0x00000000736A0000-0x000000007373F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/3800-447-0x0000000064B40000-0x0000000064B5B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3800-446-0x0000000073740000-0x0000000073808000-memory.dmp

    Filesize

    800KB

    Download