5b7b68d96dc1654015147fd838acd4c8338ce4ea3840f32740e3b42be458ebfb

Analysis

max time kernel
132s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20230703-es
resource tags

arch:x64arch:x86image:win10v2004-20230703-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
27/08/2023, 00:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

snap-camera-1.21.0-installer_ags-7s1.exe
Size

1.7MB
MD5

7023d0151eff8232910a092883f353bc
SHA1

4b09da2f0b2b5c2e9ca9b2ebddda394acf3e09d7
SHA256

5b7b68d96dc1654015147fd838acd4c8338ce4ea3840f32740e3b42be458ebfb
SHA512

8b59c32e54d93d64585e461f211d1f67d2c9f6f41a88a37a799757ede2cc52e3d653eb6cfded068a104c8fc3c21b6dfb6be41d70476da2e7a9c505b15722803a
SSDEEP

24576:t7FUDowAyrTVE3U5Fmcz1P4PRDuNFej8+Bh0BnxzMxoQdWgU0+Nzyq:tBuZrEUj+DiFcTh0rgU0+Vyq

Score

8^/10

persistence

Malware Config

Signatures

Downloads MZ/PE file

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{a98dc6ff-d360-4878-9f0a-915eba86eaf3} = "\"C:\\ProgramData\\Package Cache\\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}\\VC_redist.x86.exe\" /burn.runonce"	VC_redist.x86.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Snap Camera = "\"C:\\Program Files\\Snap Inc\\Snap Camera\\Snap Camera.exe\" --minimized-mode"	snap-camera-1.21.0-installer.tmp

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe

Drops file in System32 directory 34 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\vcruntime140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\concrt140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140esn.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp140_2.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp140_codecvt_ids.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\concrt140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\vccorlib140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140enu.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140jpn.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp140_1.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vcamp140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp140_1.dll	msiexec.exe
File created	C:\Windows\SysWOW64\vcamp140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140deu.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140u.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfcm140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140fra.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140kor.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140chs.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140cht.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140ita.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vccorlib140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vcomp140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp140_2.dll	msiexec.exe
File created	C:\Windows\SysWOW64\vcomp140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfcm140u.dll	msiexec.exe
File created	C:\Windows\SysWOW64\vcruntime140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140rus.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp140_atomic_wait.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp140_atomic_wait.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp140_codecvt_ids.dll	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Snap Inc\Snap Camera\Resources\PrecachedAssets.bundle\is-CJ82A.tmp	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls\Styles\Base\TreeViewStyle.qmlc	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls.2\Universal\DialogButtonBox.qml	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\CoreResources.bundle\TrackingData\Mesh_V3\is-0AAVG.tmp	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls\Styles\Base\images\is-FOCAI.tmp	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls\Styles\Desktop\is-GIKC8.tmp	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\CoreResources.bundle\shaders\GLES30\common\is-MBK6H.tmp	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\QtGraphicalEffects\private\is-AA4PH.tmp	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\CoreResources.bundle\TrackingData\is-F07GK.tmp	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls\Private\TextInputWithHandles.qml	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls.2\Universal\RadioButton.qml	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\CoreResources.bundle\scenarium\envProvider\generateBorderHighest.glsl	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls.2\ItemDelegate.qml	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Extras\Private\CircularButton.qmlc	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls\Styles\Desktop\MenuBarStyle.qml	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls.2\Universal\PageIndicator.qml	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\CoreResources.bundle\scenarium\is-78R9J.tmp	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls\Styles\Base\is-T3Q9S.tmp	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls.2\Material\is-502LU.tmp	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\CoreResources.bundle\shaders\common\is-3OD5Q.tmp	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls\is-873CR.tmp	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls\Styles\Base\images\is-AVUHT.tmp	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\CoreResources.bundle\Overlay.lns	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\CoreResources.bundle\scenarium\desktop\glsl430\required2_gl.glsl	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls\Styles\Base\ToggleButtonStyle.qmlc	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls.2\Material\Drawer.qml	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls.2\Universal\Frame.qml	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls\Button.qml	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\Qt5Svg.dll	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls\Styles\Desktop\ProgressBarStyle.qmlc	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls.2\Universal\BusyIndicator.qml	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls.2\Material\is-C5LRH.tmp	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Extras\Private\is-FCPQB.tmp	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\Resources\PrecachedAssets.bundle\is-7QRG8.tmp	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls\Styles\Base\images\editbox.png	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls\Styles\Base\SpinBoxStyle.qml	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\is-IVP8A.tmp	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\QtGraphicalEffects\is-TBQQ7.tmp	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls\Styles\Desktop\is-7B18D.tmp	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\CoreResources.bundle\scenarium\desktop\glsl120\is-6MMI5.tmp	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\CoreResources.bundle\shaders\GLES20\common\is-2OQGM.tmp	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls\Styles\Base\is-5QQDK.tmp	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\libssl-1_1-x64.dll	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\CoreResources.bundle\scenarium\desktop\glsl430\localray\lray_resolve.glsl	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls\Private\SystemPaletteSingleton.qmlc	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Extras\TumblerColumn.qml	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\CoreResources.bundle\scenarium\is-1QITI.tmp	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls.2\is-6IE2B.tmp	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls.2\Imagine\is-98E7B.tmp	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\driver\installer.exe	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls\RadioButton.qmlc	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls.2\Imagine\Menu.qml	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls.2\Fusion\is-CN696.tmp	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Dialogs\images\is-5V6OR.tmp	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls\Menu.qml	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls\Styles\Flat\is-1QTH0.tmp	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls.2\Fusion\is-JS66T.tmp	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls.2\Universal\is-NSL4R.tmp	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls.2\Fusion\is-V13BG.tmp	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls.2\Imagine\is-TR9FH.tmp	snap-camera-1.21.0-installer.tmp
File created	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls.2\Material\is-C6HSS.tmp	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls\Styles\Desktop\ApplicationWindowStyle.qml	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\QtQuick\Controls\Styles\Base\BasicTableViewStyle.qmlc	snap-camera-1.21.0-installer.tmp
File opened for modification	C:\Program Files\Snap Inc\Snap Camera\CoreResources.bundle\shaders\common\drawTexture.glsl	snap-camera-1.21.0-installer.tmp

Drops file in Windows directory 12 IoCs

description	ioc	Process
File created	C:\Windows\Installer\e59f979.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE3C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2B2.tmp	msiexec.exe
File created	C:\Windows\Installer\e59f98a.msi	msiexec.exe
File created	C:\Windows\Installer\e59f98b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e59f98b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e59f979.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFD90.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}	msiexec.exe

Executes dropped EXE 8 IoCs

pid	Process
1248	snap-camera-1.21.0-installer_ags-7s1.tmp
2680	snap-camera-1.21.0-installer.exe
1584	snap-camera-1.21.0-installer.tmp
3660	vc_redist.x64.exe
4876	vc_redist.x64.exe
3860	vc_redist.x86.exe
4788	vc_redist.x86.exe
2552	VC_redist.x86.exe

Loads dropped DLL 2 IoCs

pid	Process
4876	vc_redist.x64.exe
4788	vc_redist.x86.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1F	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\20	msiexec.exe

Modifies registry class 42 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.32,bundle\DisplayName = "Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332"	VC_redist.x86.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5040806F8AF9AAC49928419ED5A1D3CA\SourceList\Net	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5040806F8AF9AAC49928419ED5A1D3CA	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7F81AAEA69C934A4CB70B8884A19E3BE\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.32,bundle\Dependents\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}	VC_redist.x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.32,bundle\Version = "14.32.31332.0"	VC_redist.x86.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.32,bundle\Dependents	VC_redist.x86.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\60DB5E5629367203C8625813703DFCA1	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\7F81AAEA69C934A4CB70B8884A19E3BE\VC_Runtime_Minimum	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7F81AAEA69C934A4CB70B8884A19E3BE\SourceList\Net	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7F81AAEA69C934A4CB70B8884A19E3BE\Version = "237009508"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5040806F8AF9AAC49928419ED5A1D3CA\SourceList\Media	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5040806F8AF9AAC49928419ED5A1D3CA	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14\Version = "14.32.31332"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14\ = "{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\7F81AAEA69C934A4CB70B8884A19E3BE	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7F81AAEA69C934A4CB70B8884A19E3BE	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7F81AAEA69C934A4CB70B8884A19E3BE\ProductName = "Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7F81AAEA69C934A4CB70B8884A19E3BE\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\60DB5E5629367203C8625813703DFCA1\7F81AAEA69C934A4CB70B8884A19E3BE	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7F81AAEA69C934A4CB70B8884A19E3BE\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14\Dependents\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}	VC_redist.x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7F81AAEA69C934A4CB70B8884A19E3BE\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7F81AAEA69C934A4CB70B8884A19E3BE\PackageCode = "1E0C2917067BECB4081BD2F9D3FF2740"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\60DB5E5629367203C8625813703DFCA1	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7F81AAEA69C934A4CB70B8884A19E3BE\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7F81AAEA69C934A4CB70B8884A19E3BE\SourceList\PackageName = "vc_runtimeMinimum_x86.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14	VC_redist.x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14\DisplayName = "Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\7F81AAEA69C934A4CB70B8884A19E3BE\Servicing_Key	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7F81AAEA69C934A4CB70B8884A19E3BE\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7F81AAEA69C934A4CB70B8884A19E3BE\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}v14.32.31332\\packages\\vcRuntimeMinimum_x86\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7F81AAEA69C934A4CB70B8884A19E3BE\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7F81AAEA69C934A4CB70B8884A19E3BE\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}v14.32.31332\\packages\\vcRuntimeMinimum_x86\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7F81AAEA69C934A4CB70B8884A19E3BE\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\VC,redist.x86,x86,14.32,bundle	VC_redist.x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.32,bundle\ = "{a98dc6ff-d360-4878-9f0a-915eba86eaf3}"	VC_redist.x86.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5040806F8AF9AAC49928419ED5A1D3CA\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\7F81AAEA69C934A4CB70B8884A19E3BE\Provider	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7F81AAEA69C934A4CB70B8884A19E3BE\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7F81AAEA69C934A4CB70B8884A19E3BE\AdvertiseFlags = "388"	msiexec.exe

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	19	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
1248	snap-camera-1.21.0-installer_ags-7s1.tmp
1248	snap-camera-1.21.0-installer_ags-7s1.tmp
1248	snap-camera-1.21.0-installer_ags-7s1.tmp
1248	snap-camera-1.21.0-installer_ags-7s1.tmp
1248	snap-camera-1.21.0-installer_ags-7s1.tmp
1248	snap-camera-1.21.0-installer_ags-7s1.tmp
1248	snap-camera-1.21.0-installer_ags-7s1.tmp
1248	snap-camera-1.21.0-installer_ags-7s1.tmp
1248	snap-camera-1.21.0-installer_ags-7s1.tmp
1248	snap-camera-1.21.0-installer_ags-7s1.tmp
1248	snap-camera-1.21.0-installer_ags-7s1.tmp
1248	snap-camera-1.21.0-installer_ags-7s1.tmp
1248	snap-camera-1.21.0-installer_ags-7s1.tmp
1248	snap-camera-1.21.0-installer_ags-7s1.tmp
1584	snap-camera-1.21.0-installer.tmp
1584	snap-camera-1.21.0-installer.tmp
3552	msiexec.exe
3552	msiexec.exe
3552	msiexec.exe
3552	msiexec.exe
3552	msiexec.exe
3552	msiexec.exe
3552	msiexec.exe
3552	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeBackupPrivilege	960	vssvc.exe
Token: SeRestorePrivilege	960	vssvc.exe
Token: SeAuditPrivilege	960	vssvc.exe
Token: SeShutdownPrivilege	2552	VC_redist.x86.exe
Token: SeIncreaseQuotaPrivilege	2552	VC_redist.x86.exe
Token: SeSecurityPrivilege	3552	msiexec.exe
Token: SeCreateTokenPrivilege	2552	VC_redist.x86.exe
Token: SeAssignPrimaryTokenPrivilege	2552	VC_redist.x86.exe
Token: SeLockMemoryPrivilege	2552	VC_redist.x86.exe
Token: SeIncreaseQuotaPrivilege	2552	VC_redist.x86.exe
Token: SeMachineAccountPrivilege	2552	VC_redist.x86.exe
Token: SeTcbPrivilege	2552	VC_redist.x86.exe
Token: SeSecurityPrivilege	2552	VC_redist.x86.exe
Token: SeTakeOwnershipPrivilege	2552	VC_redist.x86.exe
Token: SeLoadDriverPrivilege	2552	VC_redist.x86.exe
Token: SeSystemProfilePrivilege	2552	VC_redist.x86.exe
Token: SeSystemtimePrivilege	2552	VC_redist.x86.exe
Token: SeProfSingleProcessPrivilege	2552	VC_redist.x86.exe
Token: SeIncBasePriorityPrivilege	2552	VC_redist.x86.exe
Token: SeCreatePagefilePrivilege	2552	VC_redist.x86.exe
Token: SeCreatePermanentPrivilege	2552	VC_redist.x86.exe
Token: SeBackupPrivilege	2552	VC_redist.x86.exe
Token: SeRestorePrivilege	2552	VC_redist.x86.exe
Token: SeShutdownPrivilege	2552	VC_redist.x86.exe
Token: SeDebugPrivilege	2552	VC_redist.x86.exe
Token: SeAuditPrivilege	2552	VC_redist.x86.exe
Token: SeSystemEnvironmentPrivilege	2552	VC_redist.x86.exe
Token: SeChangeNotifyPrivilege	2552	VC_redist.x86.exe
Token: SeRemoteShutdownPrivilege	2552	VC_redist.x86.exe
Token: SeUndockPrivilege	2552	VC_redist.x86.exe
Token: SeSyncAgentPrivilege	2552	VC_redist.x86.exe
Token: SeEnableDelegationPrivilege	2552	VC_redist.x86.exe
Token: SeManageVolumePrivilege	2552	VC_redist.x86.exe
Token: SeImpersonatePrivilege	2552	VC_redist.x86.exe
Token: SeCreateGlobalPrivilege	2552	VC_redist.x86.exe
Token: SeRestorePrivilege	3552	msiexec.exe
Token: SeTakeOwnershipPrivilege	3552	msiexec.exe
Token: SeRestorePrivilege	3552	msiexec.exe
Token: SeTakeOwnershipPrivilege	3552	msiexec.exe
Token: SeRestorePrivilege	3552	msiexec.exe
Token: SeTakeOwnershipPrivilege	3552	msiexec.exe
Token: SeRestorePrivilege	3552	msiexec.exe
Token: SeTakeOwnershipPrivilege	3552	msiexec.exe
Token: SeRestorePrivilege	3552	msiexec.exe
Token: SeTakeOwnershipPrivilege	3552	msiexec.exe
Token: SeRestorePrivilege	3552	msiexec.exe
Token: SeTakeOwnershipPrivilege	3552	msiexec.exe
Token: SeRestorePrivilege	3552	msiexec.exe
Token: SeTakeOwnershipPrivilege	3552	msiexec.exe
Token: SeRestorePrivilege	3552	msiexec.exe
Token: SeTakeOwnershipPrivilege	3552	msiexec.exe
Token: SeRestorePrivilege	3552	msiexec.exe
Token: SeTakeOwnershipPrivilege	3552	msiexec.exe
Token: SeRestorePrivilege	3552	msiexec.exe
Token: SeTakeOwnershipPrivilege	3552	msiexec.exe
Token: SeRestorePrivilege	3552	msiexec.exe
Token: SeTakeOwnershipPrivilege	3552	msiexec.exe
Token: SeRestorePrivilege	3552	msiexec.exe
Token: SeTakeOwnershipPrivilege	3552	msiexec.exe
Token: SeRestorePrivilege	3552	msiexec.exe
Token: SeTakeOwnershipPrivilege	3552	msiexec.exe
Token: SeRestorePrivilege	3552	msiexec.exe
Token: SeTakeOwnershipPrivilege	3552	msiexec.exe
Token: SeRestorePrivilege	3552	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1248	snap-camera-1.21.0-installer_ags-7s1.tmp
1584	snap-camera-1.21.0-installer.tmp

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 3756 wrote to memory of 1248	3756	snap-camera-1.21.0-installer_ags-7s1.exe	82
PID 3756 wrote to memory of 1248	3756	snap-camera-1.21.0-installer_ags-7s1.exe	82
PID 3756 wrote to memory of 1248	3756	snap-camera-1.21.0-installer_ags-7s1.exe	82
PID 1248 wrote to memory of 2680	1248	snap-camera-1.21.0-installer_ags-7s1.tmp	93
PID 1248 wrote to memory of 2680	1248	snap-camera-1.21.0-installer_ags-7s1.tmp	93
PID 1248 wrote to memory of 2680	1248	snap-camera-1.21.0-installer_ags-7s1.tmp	93
PID 2680 wrote to memory of 1584	2680	snap-camera-1.21.0-installer.exe	94
PID 2680 wrote to memory of 1584	2680	snap-camera-1.21.0-installer.exe	94
PID 2680 wrote to memory of 1584	2680	snap-camera-1.21.0-installer.exe	94
PID 1584 wrote to memory of 3660	1584	snap-camera-1.21.0-installer.tmp	95
PID 1584 wrote to memory of 3660	1584	snap-camera-1.21.0-installer.tmp	95
PID 1584 wrote to memory of 3660	1584	snap-camera-1.21.0-installer.tmp	95
PID 3660 wrote to memory of 4876	3660	vc_redist.x64.exe	96
PID 3660 wrote to memory of 4876	3660	vc_redist.x64.exe	96
PID 3660 wrote to memory of 4876	3660	vc_redist.x64.exe	96
PID 1584 wrote to memory of 3860	1584	snap-camera-1.21.0-installer.tmp	98
PID 1584 wrote to memory of 3860	1584	snap-camera-1.21.0-installer.tmp	98
PID 1584 wrote to memory of 3860	1584	snap-camera-1.21.0-installer.tmp	98
PID 3860 wrote to memory of 4788	3860	vc_redist.x86.exe	99
PID 3860 wrote to memory of 4788	3860	vc_redist.x86.exe	99
PID 3860 wrote to memory of 4788	3860	vc_redist.x86.exe	99
PID 4788 wrote to memory of 2552	4788	vc_redist.x86.exe	100
PID 4788 wrote to memory of 2552	4788	vc_redist.x86.exe	100
PID 4788 wrote to memory of 2552	4788	vc_redist.x86.exe	100

C:\Users\Admin\AppData\Local\Temp\snap-camera-1.21.0-installer_ags-7s1.exe
"C:\Users\Admin\AppData\Local\Temp\snap-camera-1.21.0-installer_ags-7s1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3756
- C:\Users\Admin\AppData\Local\Temp\is-HGV1C.tmp\snap-camera-1.21.0-installer_ags-7s1.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-HGV1C.tmp\snap-camera-1.21.0-installer_ags-7s1.tmp" /SL5="$3021E,836424,832512,C:\Users\Admin\AppData\Local\Temp\snap-camera-1.21.0-installer_ags-7s1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1248
- - C:\Users\Admin\Downloads\snap-camera-1.21.0-installer.exe
    "C:\Users\Admin\Downloads\snap-camera-1.21.0-installer.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\is-8M78C.tmp\snap-camera-1.21.0-installer.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-8M78C.tmp\snap-camera-1.21.0-installer.tmp" /SL5="$F0032,170561280,850944,C:\Users\Admin\Downloads\snap-camera-1.21.0-installer.exe"
      4⤵
      Adds Run key to start application
      Drops file in Program Files directory
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:1584
    - - C:\Program Files\Snap Inc\Snap Camera\vc_redist.x64.exe
        
        "C:\Program Files\Snap Inc\Snap Camera\vc_redist.x64.exe" /install /passive /quiet /norestart
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3660
      - C:\Windows\Temp\{5F6B9120-464A-4714-A6F4-305F6AE151BA}\.cr\vc_redist.x64.exe
        
        "C:\Windows\Temp\{5F6B9120-464A-4714-A6F4-305F6AE151BA}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Program Files\Snap Inc\Snap Camera\vc_redist.x64.exe" -burn.filehandle.attached=552 -burn.filehandle.self=688 /install /passive /quiet /norestart
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4876
    - - C:\Program Files\Snap Inc\Snap Camera\vc_redist.x86.exe
        
        "C:\Program Files\Snap Inc\Snap Camera\vc_redist.x86.exe" /install /passive /quiet /norestart
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3860
      - C:\Windows\Temp\{B3EDEBDA-FB85-4B28-9605-1EB7C6ABE665}\.cr\vc_redist.x86.exe
        
        "C:\Windows\Temp\{B3EDEBDA-FB85-4B28-9605-1EB7C6ABE665}\.cr\vc_redist.x86.exe" -burn.clean.room="C:\Program Files\Snap Inc\Snap Camera\vc_redist.x86.exe" -burn.filehandle.attached=516 -burn.filehandle.self=536 /install /passive /quiet /norestart
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:4788
        
        C:\Windows\Temp\{407F27A0-AD4B-4981-A5F0-0AF3E479C069}\.be\VC_redist.x86.exe
        
        "C:\Windows\Temp\{407F27A0-AD4B-4981-A5F0-0AF3E479C069}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{F40E6B2A-C68C-44BA-945A-A741F24C34B8} {C32CE255-AAD4-405F-8CC3-DAA424686016} 4788
        7⤵
        Adds Run key to start application
        Executes dropped EXE
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:2552
        
        C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
        
        "C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={a98dc6ff-d360-4878-9f0a-915eba86eaf3} -burn.filehandle.self=1064 -burn.embedded BurnPipe.{32360792-CD87-4293-B3FE-19568FD14319} {E996BB19-7A26-453A-9DAA-74113CDEF916} 2552
        8⤵
        
        PID:4392
        
        C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
        
        "C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.filehandle.attached=516 -burn.filehandle.self=536 -uninstall -quiet -burn.related.upgrade -burn.ancestors={a98dc6ff-d360-4878-9f0a-915eba86eaf3} -burn.filehandle.self=1064 -burn.embedded BurnPipe.{32360792-CD87-4293-B3FE-19568FD14319} {E996BB19-7A26-453A-9DAA-74113CDEF916} 2552
        9⤵
        
        PID:212
        
        C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
        
        "C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{2285FFE9-259E-4462-9A78-A4A6A1ACEA28} {FFF7653F-79E3-450B-9D2D-D7F5C0AF6B35} 212
        10⤵
        
        PID:3176
    - - C:\Program Files\Snap Inc\Snap Camera\driver\installer.exe
        
        "C:\Program Files\Snap Inc\Snap Camera\driver\installer.exe"
        5⤵
        
        PID:3732

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:960

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
PID:2368

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3552

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
PID:396
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{29a2461c-ad6f-a94f-844d-68909b40c985}\snapcameravirtualdevice.inf" "9" "4abe0b79f" "000000000000014C" "WinSta0\Default" "0000000000000164" "208" "c:\program files\snap inc\snap camera\driver"
  2⤵
  PID:4144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e59f97e.rbs

Filesize
16KB

MD5
0892fc566621c11fb25979cd26d1401a

SHA1
ee2862bf539ca425db9b17f362def55cc4208f63

SHA256
a2dba0cb6b310a3b29f112d10e274bc7731649326d8cc3b3a6aafa5a5f692dcc

SHA512
0361c2536b7687fe9a8c6097664c433171ff370356d821f246cd1c2d3e4ad52ba03479542082c829b7fa38c813134d58d4ed21bed3adb3b4ad8b092dc132c8f9

Download Submit
C:\Config.Msi\e59f983.rbs

Filesize
18KB

MD5
2d73975f09cb89eb1eceac77a1a73bc9

SHA1
38aa80ff2cc171d2a6223294aaf38302df15c442

SHA256
440c26c3ba6c5690db7796fc9cff55f8fe3987c76e3a1cea296a4cd332326472

SHA512
5bf991df69444145397610f7f7781a76efdc2124d1b52f08766c42f31ac2efe1cbb1d12ef38c5c505f5e2e3c551ed321a37d1ae521526290bb28b91058eea028

Download Submit
C:\Config.Msi\e59f990.rbs

Filesize
20KB

MD5
6150271c8b343bb1674c8f28a88f8448

SHA1
bb3d427513097ffcdfae9f896be000def607b861

SHA256
7cbc24d9d9dc4ce362934fd8306de5bd45fe3eede9d18bd15ec39f65f15f3bf9

SHA512
c8d41be53c73d6979bdb078a618a4ba75c4d69cb59225f52b04c07e5d22a3bcb5fd81bb2e971b8baec5bb1f6f8556a39ad9d2cfd8b00dc9b95b609345c2efc05

Download Submit
C:\Config.Msi\e59f99f.rbs

Filesize
19KB

MD5
a4b220661ddb57a792411978c7fd52b4

SHA1
e410c85220b61825fbc3d47c53a9397988417404

SHA256
2b8b1e5a591d00b6dbc2b2b9dc58b70777b1ce9138dd3af505a59bfad4536a3a

SHA512
187efdb1d27bdf6fad3e26f04dd3b376a92dd95e9f0452d0861b828f641d69972326c3945abe5ddeb408f537dd8415b846930db97dd4acb6d362676e9a180559

Download Submit
C:\Program Files\Snap Inc\Snap Camera\CoreResources.bundle\scenarium\desktop\glsl430\is-L69RL.tmp

Filesize
261B

MD5
811469ebf66860b70d77979cf19ea703

SHA1
a31f5b9b1590b60800c7d1ee3eb768bee2b9b7de

SHA256
35e7e17967b232bba641986f8c52cfa066d434653bb96495f7d4425e11e24331

SHA512
b7d13e312bac1c81eb3ba55baee084cc39b337c5d37888c17997e66830e14e3dbef3b6faa06506b1a0906915465e016ea601695bffac6adfc007c5e4bd05d08f

Download Submit
C:\Program Files\Snap Inc\Snap Camera\Resources\PrecachedAssets.bundle\18112347238\Content\Resources\Resource14\is-CLPQ4.tmp

Filesize
4KB

MD5
ba85cae66fe4b7ba673ea04842181871

SHA1
4cebe901781adbe3da236c198a22a0c30da38efc

SHA256
d7eb70cab55e687acf8a51e5b651a1fbf60f505d3cb8ec248e8ededd9f014b91

SHA512
385f4cfbf0e718324f65ff95a57115fb9ab1d7fa6e5410aa6e7bd53880b1ea1a6f504f80ba52a1e26df9b6df23e0557ac3f338c4b5563318e7321be8c3a5ef03

Download Submit
C:\Program Files\Snap Inc\Snap Camera\Snap Camera.exe

Filesize
64.2MB

MD5
9d23de5bc731a6c93e4eef17c70cb9df

SHA1
a1085e9acbddfe040b9b3553b9c5b08855e55972

SHA256
7b19c690248d74941a8d450a025a8fddd1dec6421f0c80c3ffd8d9cda8a358d6

SHA512
dea4c8fe3aae4e4027eae7265c892c33268b9b782544af4f6f5159a9878ac6479f1ec734f12e024109a973a2b9a4eab69353fd075b3cba4f2bc2381517d94080

Download Submit
C:\Program Files\Snap Inc\Snap Camera\SnapVirtualCam32.dll

Filesize
2.7MB

MD5
1ddcf53f65ee70dea9aa90d2c074de4d

SHA1
0bc8e2e0e7df13f781b21dbe69cfe60ea0107f21

SHA256
ab4d9a71297dbb5bb8c2563e7ba3c52d0f506d653a114ae7c8f5882a3b3be5f2

SHA512
0a4ecad5d04a3085f63c6deb49a7aaae01fea583c87da884ebfce7c1fe8df5e9b0aee61f3d982f52993ec89208a0fe3474412d6fe24a9c52fb84c572b824fac7

Download Submit
C:\Program Files\Snap Inc\Snap Camera\SnapVirtualCam64.dll

Filesize
2.7MB

MD5
4f388ca6f87cbe8278bb8997a820140a

SHA1
350a97a22cf7f40844c66b2090ded40976f32e38

SHA256
ac7ba70ea82b62e7f57942d7267b58163c0449d5493e5ab671e198d92e73c37c

SHA512
9f8174b48ac9cd451652c5c796c4ea620eb092cf57f014ff1a5c378cfe5146c85b4217bdfae967780efbd611363b0fcc5def810c81f72595119235226036c7f3

Download Submit
C:\Program Files\Snap Inc\Snap Camera\driver\SnapCameraVirtualDevice.inf

Filesize
1KB

MD5
b6adb2eaa4a9eeedf25b80fc5cb15113

SHA1
3d738e9c91396f649626a6a00670de1eae69e380

SHA256
0f9d7039079de19e1364d92955cf07a3dfff706b08bbf3c771011e8843aa3836

SHA512
41c70805eb182286c7813248bcc7ac1d5a98664184d947784ff995dcc1fbb407c561576663bf5aa0978982d7c0b2c940e2395f802ee9ce444bd88a2efbffe178

Download Submit
C:\Program Files\Snap Inc\Snap Camera\driver\installer.exe

Filesize
123KB

MD5
19a27a7bfc1b1456241bba5b36a830f3

SHA1
c3d5c1f4768a58c76428749ea4df73222fedb6cc

SHA256
a0657e07932c4086092536b7bf2a8f31538799aaaabfaa2a871cb44636e543b0

SHA512
b81663bf3f26c8ca593e2ff5b8f6b31c570fd7586e4a3bb0be3242d7a27ec215d4337b8da4519bfd3c1d3cf1749ecffdee65bf63e32c9b90d503c2f59c53dc4f

Download Submit
C:\Program Files\Snap Inc\Snap Camera\driver\installer.exe

Filesize
123KB

MD5
19a27a7bfc1b1456241bba5b36a830f3

SHA1
c3d5c1f4768a58c76428749ea4df73222fedb6cc

SHA256
a0657e07932c4086092536b7bf2a8f31538799aaaabfaa2a871cb44636e543b0

SHA512
b81663bf3f26c8ca593e2ff5b8f6b31c570fd7586e4a3bb0be3242d7a27ec215d4337b8da4519bfd3c1d3cf1749ecffdee65bf63e32c9b90d503c2f59c53dc4f

Download Submit
C:\Program Files\Snap Inc\Snap Camera\unins000.exe

Filesize
3.0MB

MD5
11042202b0b85a77ee8b9be86fbb13b7

SHA1
75cc7bdf52ec7c9c3190e591943adc796ecad7ee

SHA256
3163419f7eaf1d9e93392c872a44f83820a0c0285632ed00472d0228525765c9

SHA512
375f9ff8a7a2425ca70a291738799dd2c44f3445fe6fa6708757149558e616b7a4ed40854be7707ce11c3f6b918bfab17706b9734b0288d26068252e24308ae9

Download Submit
C:\Program Files\Snap Inc\Snap Camera\vc_redist.x64.exe

Filesize
14.2MB

MD5
9f096b97d204078b443dbcbf18e0ebb0

SHA1
a55510a8c9708b2c68b39cd50bbcaf86e2c885f0

SHA256
4b5890eb1aefdf8dfa3234b5032147eb90f050c5758a80901b201ae969780107

SHA512
c606a3ac915a62608b71bd3114a9725746f17a882420c38eaf905c3433a95187bff61013b8cf1af2013cc504ab07726758388beef2063709af253ffd2d7572ec

Download Submit
C:\Program Files\Snap Inc\Snap Camera\vc_redist.x64.exe

Filesize
14.2MB

MD5
9f096b97d204078b443dbcbf18e0ebb0

SHA1
a55510a8c9708b2c68b39cd50bbcaf86e2c885f0

SHA256
4b5890eb1aefdf8dfa3234b5032147eb90f050c5758a80901b201ae969780107

SHA512
c606a3ac915a62608b71bd3114a9725746f17a882420c38eaf905c3433a95187bff61013b8cf1af2013cc504ab07726758388beef2063709af253ffd2d7572ec

Download Submit
C:\Program Files\Snap Inc\Snap Camera\vc_redist.x64.exe

Filesize
14.2MB

MD5
9f096b97d204078b443dbcbf18e0ebb0

SHA1
a55510a8c9708b2c68b39cd50bbcaf86e2c885f0

SHA256
4b5890eb1aefdf8dfa3234b5032147eb90f050c5758a80901b201ae969780107

SHA512
c606a3ac915a62608b71bd3114a9725746f17a882420c38eaf905c3433a95187bff61013b8cf1af2013cc504ab07726758388beef2063709af253ffd2d7572ec

Download Submit
C:\Program Files\Snap Inc\Snap Camera\vc_redist.x86.exe

Filesize
13.1MB

MD5
dd89ae7bc09cad5648524905d0f53214

SHA1
29e23dd7c19b03eb59304f9d1f8e7209c1167348

SHA256
cf92a10c62ffab83b4a2168f5f9a05e5588023890b5c0cc7ba89ed71da527b0f

SHA512
7174a4c0c90beef6c091f3b1065fd951c2ecf16aa6170af56c2b226f4d352f90e13afdb6bd3b61f81f0b1050482f21d3c3b61c0de379277459e4c966ec9e823e

Download Submit
C:\Program Files\Snap Inc\Snap Camera\vc_redist.x86.exe

Filesize
13.1MB

MD5
dd89ae7bc09cad5648524905d0f53214

SHA1
29e23dd7c19b03eb59304f9d1f8e7209c1167348

SHA256
cf92a10c62ffab83b4a2168f5f9a05e5588023890b5c0cc7ba89ed71da527b0f

SHA512
7174a4c0c90beef6c091f3b1065fd951c2ecf16aa6170af56c2b226f4d352f90e13afdb6bd3b61f81f0b1050482f21d3c3b61c0de379277459e4c966ec9e823e

Download Submit
C:\Program Files\Snap Inc\Snap Camera\vc_redist.x86.exe

Filesize
13.1MB

MD5
dd89ae7bc09cad5648524905d0f53214

SHA1
29e23dd7c19b03eb59304f9d1f8e7209c1167348

SHA256
cf92a10c62ffab83b4a2168f5f9a05e5588023890b5c0cc7ba89ed71da527b0f

SHA512
7174a4c0c90beef6c091f3b1065fd951c2ecf16aa6170af56c2b226f4d352f90e13afdb6bd3b61f81f0b1050482f21d3c3b61c0de379277459e4c966ec9e823e

Download Submit
C:\ProgramData\Package Cache\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}\VC_redist.x86.exe

Filesize
634KB

MD5
254bcff0bd40d24a331f2db7ad3fc266

SHA1
7c614fefa4e8ee974cea424ada2f1c3a669df6f4

SHA256
f5da3508f7201513aff013a1f1aa5164fcc248956efba739419592d94354b3cb

SHA512
367257e77baa450fc9b9243ea33b9b4e78d0b6333ad1b6ea2aafdfc7a66efb4d845725456a992903494d6493c77606b673fa798de60a259ecaedf79a7eef6063

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20230827004732_000_vcRuntimeMinimum_x86.log

Filesize
2KB

MD5
0bd0d6890dac2e4a31f82e75d8fa4b5c

SHA1
ada83527b289d0600f4d1206fbd3752fb164b97f

SHA256
e637805bb8cbe599095ac3b7c3610967e85bab9f6755c6d8583295372620940c

SHA512
209886ce8b11929eeaea86747788c757fca98f021a2c92da826be2bc306e9a86020c45207be9b4c3e4be483723e848033f79b82512704930fc136333b9278e7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20230827004732_001_vcRuntimeAdditional_x86.log

Filesize
2KB

MD5
9d5a26253ca1830e5477b17ed00e1a73

SHA1
883c93318582660f3e9179763cfa77ff5d7e724d

SHA256
6c03d1a3c1d4e71abd2cb19d765330f1da8859b2f13b75e4f03b9fcf9cb9ef4d

SHA512
9ec7d0c7c91dd8604581410b6dfee9fb248b2e07f2a4200e94c5eebd9d0e696674a90ec2092fccec74882f5edc6b964e5c8a2743fe57a0b1cd99a897c94e8ec4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8M78C.tmp\snap-camera-1.21.0-installer.tmp

Filesize
3.0MB

MD5
11042202b0b85a77ee8b9be86fbb13b7

SHA1
75cc7bdf52ec7c9c3190e591943adc796ecad7ee

SHA256
3163419f7eaf1d9e93392c872a44f83820a0c0285632ed00472d0228525765c9

SHA512
375f9ff8a7a2425ca70a291738799dd2c44f3445fe6fa6708757149558e616b7a4ed40854be7707ce11c3f6b918bfab17706b9734b0288d26068252e24308ae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8M78C.tmp\snap-camera-1.21.0-installer.tmp

Filesize
3.0MB

MD5
11042202b0b85a77ee8b9be86fbb13b7

SHA1
75cc7bdf52ec7c9c3190e591943adc796ecad7ee

SHA256
3163419f7eaf1d9e93392c872a44f83820a0c0285632ed00472d0228525765c9

SHA512
375f9ff8a7a2425ca70a291738799dd2c44f3445fe6fa6708757149558e616b7a4ed40854be7707ce11c3f6b918bfab17706b9734b0288d26068252e24308ae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HGV1C.tmp\snap-camera-1.21.0-installer_ags-7s1.tmp

Filesize
3.1MB

MD5
1a51650b3468d67aa6cfe54d6eae72b3

SHA1
f6d14c561378f77e71e5e4bb9246472fbb53ffd8

SHA256
5f5664d5c97052a80251821f44f576a58d7c3390946ec818b12899fafa34a558

SHA512
2a57303fc5738f759166199a31496aaa7a3dc7a6e89a64b061a21cb1c03cb42f79238de74ce28c8acc0786634c36024c2ed895838941bd4f5ba49768b9dfb665

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PCCL4.tmp\WebAdvisor.png

Filesize
47KB

MD5
a9370c82fe9d274a76dd93186ffa7feb

SHA1
2ed72c87d824124a92771fe7bf689da5cff66ae4

SHA256
4ffa52229a4003374c3cb07307278e976bf63e8df0b9dd5628095f36fa3a8e95

SHA512
e39b5369b44449657e82822d8fe6715487fd63af5f9eca5eef76debd25cf7e5e0bd4cfe74ec594b31596e758dd3ca7e1423c7ed36464ecd82acbbaaade14e2b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PCCL4.tmp\mainlogo.jpg

Filesize
3KB

MD5
15b89d1c7deb20e76c7b3925e7ed89b9

SHA1
d402b294c9ca09efa430f7697c9e4caa6f4ef3ea

SHA256
33ae82c18db9095005e22d4831f967b8abe8f52a54c93c7ce304dcedaa24a225

SHA512
89bcf13b9f6eeba66aa5f89109a2913fc43cacd4199a738c75f27b7af4b00bafd76da104abd06221e4307f1d347e99fb4ed420197ff0d1590c95880e5c4af002

Download Submit
C:\Users\Admin\AppData\Local\Temp\{29A24~1\SnapCameraVirtualDevice.cat

Filesize
10KB

MD5
26d5be24533345c415ff9a56380f18b0

SHA1
8387320053af213e74dfae50871d17b9152ca1dc

SHA256
13deec4b84dd4a61e8da2c061a41de796a46e34a3e43dff4e35b628766d29d3a

SHA512
d93fd43ba305f856cab666b7ddfe91ccc25128a6dbf4cbcfb795f9ba976de8a69948f5ae3a6f03b257bd033832ed0fa3581916fe0f70a79f6c1192a74096d303

Download Submit
C:\Users\Admin\AppData\Local\Temp\{29A24~1\SnapCameraVirtualDevice.sys

Filesize
889KB

MD5
27e17f49e1fd10cb9f8d15dde19a170c

SHA1
c804466ced1ce1f05db1f7de72f9b00bb0341148

SHA256
baa9ff3aca790d2826d2b4ae7ef67686fbba9f0fbb9c8151862008d7c6b26ded

SHA512
46e21f30f6e40e01b717a1d11247acf07ce3f024ef8554e1c87c3ad210ec9c0f2b69e487197ea3f0874a5fd1429db510beb61efaa96a0fbb6b266f5074a18eb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{29a2461c-ad6f-a94f-844d-68909b40c985}\SnapCameraVirtualDevice.cat

Filesize
10KB

MD5
26d5be24533345c415ff9a56380f18b0

SHA1
8387320053af213e74dfae50871d17b9152ca1dc

SHA256
13deec4b84dd4a61e8da2c061a41de796a46e34a3e43dff4e35b628766d29d3a

SHA512
d93fd43ba305f856cab666b7ddfe91ccc25128a6dbf4cbcfb795f9ba976de8a69948f5ae3a6f03b257bd033832ed0fa3581916fe0f70a79f6c1192a74096d303

Download Submit
C:\Users\Admin\AppData\Local\Temp\{29a2461c-ad6f-a94f-844d-68909b40c985}\SnapCameraVirtualDevice.sys

Filesize
1.8MB

MD5
9ae5237195fb9cd6f72f1396d95ee375

SHA1
7469ea61f8c3c534af2531ef00f2b0a3de05d32b

SHA256
cceb8ce932ec7781c95985988cdd8772987c5f5197dbe3f47240554c4df43916

SHA512
ffab7b002ca3e9d2f135275540d4e380e18369e539175b3a863d4edc02305d7e961245ab9f356bb2b493eb975aaaed1ad91941386726a2d904c30b46f44fd71f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{29a2461c-ad6f-a94f-844d-68909b40c985}\snapcameravirtualdevice.inf

Filesize
1KB

MD5
b6adb2eaa4a9eeedf25b80fc5cb15113

SHA1
3d738e9c91396f649626a6a00670de1eae69e380

SHA256
0f9d7039079de19e1364d92955cf07a3dfff706b08bbf3c771011e8843aa3836

SHA512
41c70805eb182286c7813248bcc7ac1d5a98664184d947784ff995dcc1fbb407c561576663bf5aa0978982d7c0b2c940e2395f802ee9ce444bd88a2efbffe178

Download Submit
C:\Users\Admin\AppData\Local\Temp\{29a2461c-ad6f-a94f-844d-68909b40c985}\snapcameravirtualdevice.inf

Filesize
1KB

MD5
b6adb2eaa4a9eeedf25b80fc5cb15113

SHA1
3d738e9c91396f649626a6a00670de1eae69e380

SHA256
0f9d7039079de19e1364d92955cf07a3dfff706b08bbf3c771011e8843aa3836

SHA512
41c70805eb182286c7813248bcc7ac1d5a98664184d947784ff995dcc1fbb407c561576663bf5aa0978982d7c0b2c940e2395f802ee9ce444bd88a2efbffe178

Download Submit
C:\Users\Admin\Downloads\snap-camera-1.21.0-installer.exe

Filesize
163.9MB

MD5
ec0816368314db8a35ddf06784ffadfe

SHA1
a196fe5ced9018d839fa0b827fb89ac3a41fc408

SHA256
0d71ba3b05862979b5b6ce00808901bf9d762f7a607c60179344253f5c8e1a4c

SHA512
1b33fbabd277a3618fdcc3aaad441b45bdbf809ac58653e3fc4ac6b33f90bf16c82264109f079aa7ee869c297d315d2695ccaab4d1353079220782aa44fc306a

Download Submit
C:\Users\Admin\Downloads\snap-camera-1.21.0-installer.exe

Filesize
163.9MB

MD5
ec0816368314db8a35ddf06784ffadfe

SHA1
a196fe5ced9018d839fa0b827fb89ac3a41fc408

SHA256
0d71ba3b05862979b5b6ce00808901bf9d762f7a607c60179344253f5c8e1a4c

SHA512
1b33fbabd277a3618fdcc3aaad441b45bdbf809ac58653e3fc4ac6b33f90bf16c82264109f079aa7ee869c297d315d2695ccaab4d1353079220782aa44fc306a

Download Submit
C:\Users\Admin\Downloads\snap-camera-1.21.0-installer.exe

Filesize
163.9MB

MD5
ec0816368314db8a35ddf06784ffadfe

SHA1
a196fe5ced9018d839fa0b827fb89ac3a41fc408

SHA256
0d71ba3b05862979b5b6ce00808901bf9d762f7a607c60179344253f5c8e1a4c

SHA512
1b33fbabd277a3618fdcc3aaad441b45bdbf809ac58653e3fc4ac6b33f90bf16c82264109f079aa7ee869c297d315d2695ccaab4d1353079220782aa44fc306a

Download Submit
C:\Windows\Installer\e59f98a.msi

Filesize
180KB

MD5
8c41d3f8a632285bc46198799434b166

SHA1
bb2af3c4bcf0a0d9f3f344f6c2e63080abc7d76f

SHA256
0f199de8d44eb10ff48d971a09e0ca0f8938163556a69fe6bbab39df182196fa

SHA512
aea364c2fe6a960c4db96ddaa6a5e4aa7f0eae949d88fae5c32d1331393a35795f28fbc5d6bbd76f179ba852152c075af55a9e312b3ed8d1604fe7bf66b31995

Download Submit
C:\Windows\Temp\{1C8C94E0-0F99-477E-8F35-12B874E3DA89}\.ba\3082\thm.wxl

Filesize
3KB

MD5
47f9f8d342c9c22d0c9636bc7362fa8f

SHA1
3922d1589e284ce76ab39800e2b064f71123c1c5

SHA256
9cbb2b312c100b309a1b1495e84e2228b937612885f7a642fbbd67969b632c3a

SHA512
e458df875e9b0622aebe3c1449868aa6a2826a1f851db71165a872b2897cf870ccf85046944ff51ffc13bb15e54e9d9424ec36caf5a2f38ce8b7d6dc0e9b2363

Download Submit
C:\Windows\Temp\{1C8C94E0-0F99-477E-8F35-12B874E3DA89}\.ba\thm.xml

Filesize
8KB

MD5
f62729c6d2540015e072514226c121c7

SHA1
c1e189d693f41ac2eafcc363f7890fc0fea6979c

SHA256
f13bae0ec08c91b4a315bb2d86ee48fade597e7a5440dce6f751f98a3a4d6916

SHA512
cbbfbfa7e013a2b85b78d71d32fdf65323534816978e7544ca6cea5286a0f6e8e7e5ffc4c538200211f11b94373d5658732d5d8aa1d01f9ccfdbf20f154f1471

Download Submit
C:\Windows\Temp\{1C8C94E0-0F99-477E-8F35-12B874E3DA89}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{407F27A0-AD4B-4981-A5F0-0AF3E479C069}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{407F27A0-AD4B-4981-A5F0-0AF3E479C069}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{407F27A0-AD4B-4981-A5F0-0AF3E479C069}\.be\VC_redist.x86.exe

Filesize
634KB

MD5
254bcff0bd40d24a331f2db7ad3fc266

SHA1
7c614fefa4e8ee974cea424ada2f1c3a669df6f4

SHA256
f5da3508f7201513aff013a1f1aa5164fcc248956efba739419592d94354b3cb

SHA512
367257e77baa450fc9b9243ea33b9b4e78d0b6333ad1b6ea2aafdfc7a66efb4d845725456a992903494d6493c77606b673fa798de60a259ecaedf79a7eef6063

Download Submit
C:\Windows\Temp\{407F27A0-AD4B-4981-A5F0-0AF3E479C069}\.be\VC_redist.x86.exe

Filesize
634KB

MD5
254bcff0bd40d24a331f2db7ad3fc266

SHA1
7c614fefa4e8ee974cea424ada2f1c3a669df6f4

SHA256
f5da3508f7201513aff013a1f1aa5164fcc248956efba739419592d94354b3cb

SHA512
367257e77baa450fc9b9243ea33b9b4e78d0b6333ad1b6ea2aafdfc7a66efb4d845725456a992903494d6493c77606b673fa798de60a259ecaedf79a7eef6063

Download Submit
C:\Windows\Temp\{407F27A0-AD4B-4981-A5F0-0AF3E479C069}\.be\VC_redist.x86.exe

Filesize
634KB

MD5
254bcff0bd40d24a331f2db7ad3fc266

SHA1
7c614fefa4e8ee974cea424ada2f1c3a669df6f4

SHA256
f5da3508f7201513aff013a1f1aa5164fcc248956efba739419592d94354b3cb

SHA512
367257e77baa450fc9b9243ea33b9b4e78d0b6333ad1b6ea2aafdfc7a66efb4d845725456a992903494d6493c77606b673fa798de60a259ecaedf79a7eef6063

Download Submit
C:\Windows\Temp\{407F27A0-AD4B-4981-A5F0-0AF3E479C069}\cab54A5CABBE7274D8A22EB58060AAB7623

Filesize
752KB

MD5
83b017a403b0f62a7c39890d0dfee8eb

SHA1
5e0c0cb0d230cf71f0282552a82f4235f3e3bd5b

SHA256
a8a4e86c305d92faf4a7a6fbd164084c47ffa389d18806747a8a346d2310864d

SHA512
3ba23417ca5912b9c3e803d810e188fe0bcbfe21946ed7c75a58a167b4abf572facb99de4f8e603765d81e333f681fff089e0f3fd266298f2152aa451e4bc880

Download Submit
C:\Windows\Temp\{407F27A0-AD4B-4981-A5F0-0AF3E479C069}\cabB3E1576D1FEFBB979E13B1A5379E0B16

Filesize
4.9MB

MD5
6122bdaa229d0e99678c04102d9b3d97

SHA1
cfabd628b7d306a9419022ef708655b33c7a9370

SHA256
b6f0a8d8b145a99f9d48a1fcf04a7b8f92b34c9b89b4aafbe40809dd7dd4b933

SHA512
78760c5a650828313e6617fcabd84693cab50de4371b53fd94c14cfd127a1c89c4d139ae0325d86229762f9041dd139bf5679c8e6918a9de62cfdea2be71d919

Download Submit
C:\Windows\Temp\{407F27A0-AD4B-4981-A5F0-0AF3E479C069}\vcRuntimeAdditional_x86

Filesize
180KB

MD5
8a75050f161c833a40d0f62908acb88d

SHA1
c95b1f380323892967438bc2c9eb3c9f9c5661f5

SHA256
c69307aade83ceca5182210e0bbcc033352aa669b18b5525195771d821d43094

SHA512
aeed4b61ab3e9b2e455d6c707ab566c07a6b04912b1ac52a5ec62dec4383ae42fca84b370359947c6b9b38ad85dc0d47fa1bc023a74f1326a98d21e0fe808de9

Download Submit
C:\Windows\Temp\{407F27A0-AD4B-4981-A5F0-0AF3E479C069}\vcRuntimeMinimum_x86

Filesize
180KB

MD5
8c41d3f8a632285bc46198799434b166

SHA1
bb2af3c4bcf0a0d9f3f344f6c2e63080abc7d76f

SHA256
0f199de8d44eb10ff48d971a09e0ca0f8938163556a69fe6bbab39df182196fa

SHA512
aea364c2fe6a960c4db96ddaa6a5e4aa7f0eae949d88fae5c32d1331393a35795f28fbc5d6bbd76f179ba852152c075af55a9e312b3ed8d1604fe7bf66b31995

Download Submit
C:\Windows\Temp\{5F6B9120-464A-4714-A6F4-305F6AE151BA}\.cr\vc_redist.x64.exe

Filesize
632KB

MD5
968e1c550c1254a3d5f63f4a78ac3b2b

SHA1
1b1427bf86c326e1f402887af5082653129cf03e

SHA256
bd6e4dae56565a5be06b849a596ff2a552b2d89de96014f0dbbce5d8e4ab39f6

SHA512
d5b53a0a7fbc5316228e101ebc753df373c2d795dc89678f33280bc4835cd400edf653ea9f7b0dbf6d03c31048ebc88ae17d9618ea3a805f96ca71502299515f

Download Submit
C:\Windows\Temp\{5F6B9120-464A-4714-A6F4-305F6AE151BA}\.cr\vc_redist.x64.exe

Filesize
632KB

MD5
968e1c550c1254a3d5f63f4a78ac3b2b

SHA1
1b1427bf86c326e1f402887af5082653129cf03e

SHA256
bd6e4dae56565a5be06b849a596ff2a552b2d89de96014f0dbbce5d8e4ab39f6

SHA512
d5b53a0a7fbc5316228e101ebc753df373c2d795dc89678f33280bc4835cd400edf653ea9f7b0dbf6d03c31048ebc88ae17d9618ea3a805f96ca71502299515f

Download Submit
C:\Windows\Temp\{A4F5F3B9-C457-488C-B0DB-51FA3BE8D13A}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Windows\Temp\{A4F5F3B9-C457-488C-B0DB-51FA3BE8D13A}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{B3EDEBDA-FB85-4B28-9605-1EB7C6ABE665}\.cr\vc_redist.x86.exe

Filesize
634KB

MD5
254bcff0bd40d24a331f2db7ad3fc266

SHA1
7c614fefa4e8ee974cea424ada2f1c3a669df6f4

SHA256
f5da3508f7201513aff013a1f1aa5164fcc248956efba739419592d94354b3cb

SHA512
367257e77baa450fc9b9243ea33b9b4e78d0b6333ad1b6ea2aafdfc7a66efb4d845725456a992903494d6493c77606b673fa798de60a259ecaedf79a7eef6063

Download Submit
C:\Windows\Temp\{B3EDEBDA-FB85-4B28-9605-1EB7C6ABE665}\.cr\vc_redist.x86.exe

Filesize
634KB

MD5
254bcff0bd40d24a331f2db7ad3fc266

SHA1
7c614fefa4e8ee974cea424ada2f1c3a669df6f4

SHA256
f5da3508f7201513aff013a1f1aa5164fcc248956efba739419592d94354b3cb

SHA512
367257e77baa450fc9b9243ea33b9b4e78d0b6333ad1b6ea2aafdfc7a66efb4d845725456a992903494d6493c77606b673fa798de60a259ecaedf79a7eef6063

Download Submit
\??\c:\PROGRA~1\SNAPIN~1\SNAPCA~1\driver\SNAPCA~1.SYS

Filesize
2.0MB

MD5
380744a0562c67bfe2bb6c8bc72b5486

SHA1
ae17e1f6e64e3661be08ffafb3bd0ad67bcece65

SHA256
4676ee9ea078ea7df110c4a34a4c67c0d6a8d86eaabb970bd492009c1e50721c

SHA512
bc7988198cb6a93a6e4f6a62b46b2c0fceebe2d67bdc3ac98a542694a03a2c76d9899c19e0d4afedf7804501006512009193820596b26d47cb06ccdb592a8087

Download Submit
\??\c:\program files\snap inc\snap camera\driver\SnapCameraVirtualDevice.cat

Filesize
10KB

MD5
26d5be24533345c415ff9a56380f18b0

SHA1
8387320053af213e74dfae50871d17b9152ca1dc

SHA256
13deec4b84dd4a61e8da2c061a41de796a46e34a3e43dff4e35b628766d29d3a

SHA512
d93fd43ba305f856cab666b7ddfe91ccc25128a6dbf4cbcfb795f9ba976de8a69948f5ae3a6f03b257bd033832ed0fa3581916fe0f70a79f6c1192a74096d303

Download Submit
memory/1248-29-0x0000000004DA0000-0x0000000004EE0000-memory.dmp

Filesize
1.2MB

Download
memory/1248-77-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/1248-6-0x00000000008F0000-0x00000000008F1000-memory.dmp

Filesize
4KB

Download
memory/1248-19-0x0000000004DA0000-0x0000000004EE0000-memory.dmp

Filesize
1.2MB

Download
memory/1248-20-0x0000000004DA0000-0x0000000004EE0000-memory.dmp

Filesize
1.2MB

Download
memory/1248-23-0x00000000008F0000-0x00000000008F1000-memory.dmp

Filesize
4KB

Download
memory/1248-65-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/1248-24-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/1248-49-0x0000000004DA0000-0x0000000004EE0000-memory.dmp

Filesize
1.2MB

Download
memory/1248-33-0x0000000004DA0000-0x0000000004EE0000-memory.dmp

Filesize
1.2MB

Download
memory/1248-28-0x0000000004DA0000-0x0000000004EE0000-memory.dmp

Filesize
1.2MB

Download
memory/1248-30-0x0000000004DA0000-0x0000000004EE0000-memory.dmp

Filesize
1.2MB

Download
memory/1248-32-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/1584-1585-0x0000000000400000-0x0000000000718000-memory.dmp

Filesize
3.1MB

Download
memory/1584-101-0x0000000000400000-0x0000000000718000-memory.dmp

Filesize
3.1MB

Download
memory/1584-2370-0x0000000000400000-0x0000000000718000-memory.dmp

Filesize
3.1MB

Download
memory/1584-81-0x0000000000400000-0x0000000000718000-memory.dmp

Filesize
3.1MB

Download
memory/1584-2089-0x0000000000400000-0x0000000000718000-memory.dmp

Filesize
3.1MB

Download
memory/1584-82-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download
memory/1584-72-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download
memory/2680-64-0x0000000000400000-0x00000000004DD000-memory.dmp

Filesize
884KB

Download
memory/2680-80-0x0000000000400000-0x00000000004DD000-memory.dmp

Filesize
884KB

Download
memory/3756-79-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3756-1-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3756-21-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download