88e0b4c4aa4ce5a42ed2f2e67a8df1646d0237ee3ec8ad2ae4cd6db94332f357

Analysis

max time kernel
135s
max time network
137s
platform
windows10-1703_x64
resource
win10-20230915-es
resource tags

arch:x64arch:x86image:win10-20230915-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
22/09/2023, 21:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Deemix Windows (www.tecnotutoshd.net).exe
Size

53.8MB
MD5

886a9de876dfc1f5254b27c220bd8d53
SHA1

350bdd8622cfb718cba82cdd4d95ac09ce06b063
SHA256

88e0b4c4aa4ce5a42ed2f2e67a8df1646d0237ee3ec8ad2ae4cd6db94332f357
SHA512

50df00e67821e4cb2c6f6bd67ca164f7f9aab9d27c536f30032a970cbc314977c355d766d2a45335884d5b90e504e2d338e8ca49b7c5a0dcef2e01f97a4afb69
SSDEEP

1572864:tTFwmfM3i4PzMOko5wkOW2sXqN7DlsShaYslXfDOonTP:tTF+3i6d3ocXm7JsmKvDOuP

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000\Control Panel\International\Geo\Nation	deemix-gui.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000\Control Panel\International\Geo\Nation	deemix-gui.exe

Executes dropped EXE 4 IoCs

pid	Process
4260	deemix-gui.exe
4192	deemix-gui.exe
3516	deemix-gui.exe
4108	deemix-gui.exe

Loads dropped DLL 17 IoCs

pid	Process
4660	Deemix Windows (www.tecnotutoshd.net).exe
4660	Deemix Windows (www.tecnotutoshd.net).exe
4660	Deemix Windows (www.tecnotutoshd.net).exe
4660	Deemix Windows (www.tecnotutoshd.net).exe
4660	Deemix Windows (www.tecnotutoshd.net).exe
4660	Deemix Windows (www.tecnotutoshd.net).exe
4660	Deemix Windows (www.tecnotutoshd.net).exe
4660	Deemix Windows (www.tecnotutoshd.net).exe
4660	Deemix Windows (www.tecnotutoshd.net).exe
4660	Deemix Windows (www.tecnotutoshd.net).exe
4260	deemix-gui.exe
4192	deemix-gui.exe
3516	deemix-gui.exe
4108	deemix-gui.exe
4192	deemix-gui.exe
4192	deemix-gui.exe
4192	deemix-gui.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
4108	tasklist.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4660	Deemix Windows (www.tecnotutoshd.net).exe
4660	Deemix Windows (www.tecnotutoshd.net).exe
4108	tasklist.exe
4108	tasklist.exe
3516	deemix-gui.exe
3516	deemix-gui.exe
4108	deemix-gui.exe
4108	deemix-gui.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4108	tasklist.exe
Token: SeSecurityPrivilege	4660	Deemix Windows (www.tecnotutoshd.net).exe

Suspicious use of WriteProcessMemory 57 IoCs

description	pid	Process	procid_target
PID 4660 wrote to memory of 4756	4660	Deemix Windows (www.tecnotutoshd.net).exe	70
PID 4660 wrote to memory of 4756	4660	Deemix Windows (www.tecnotutoshd.net).exe	70
PID 4660 wrote to memory of 4756	4660	Deemix Windows (www.tecnotutoshd.net).exe	70
PID 4756 wrote to memory of 4108	4756	cmd.exe	72
PID 4756 wrote to memory of 4108	4756	cmd.exe	72
PID 4756 wrote to memory of 4108	4756	cmd.exe	72
PID 4756 wrote to memory of 3944	4756	cmd.exe	73
PID 4756 wrote to memory of 3944	4756	cmd.exe	73
PID 4756 wrote to memory of 3944	4756	cmd.exe	73
PID 4260 wrote to memory of 3132	4260	deemix-gui.exe	79
PID 4260 wrote to memory of 3132	4260	deemix-gui.exe	79
PID 3132 wrote to memory of 2836	3132	cmd.exe	81
PID 3132 wrote to memory of 2836	3132	cmd.exe	81
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 4192	4260	deemix-gui.exe	82
PID 4260 wrote to memory of 3516	4260	deemix-gui.exe	83
PID 4260 wrote to memory of 3516	4260	deemix-gui.exe	83
PID 4260 wrote to memory of 4108	4260	deemix-gui.exe	84
PID 4260 wrote to memory of 4108	4260	deemix-gui.exe	84

C:\Users\Admin\AppData\Local\Temp\Deemix Windows (www.tecnotutoshd.net).exe
"C:\Users\Admin\AppData\Local\Temp\Deemix Windows (www.tecnotutoshd.net).exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4660
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq deemix-gui.exe" | find "deemix-gui.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4756
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq deemix-gui.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4108
- - C:\Windows\SysWOW64\find.exe
    find "deemix-gui.exe"
    3⤵
    PID:3944

C:\Users\Admin\AppData\Local\Programs\deemix-gui\deemix-gui.exe
"C:\Users\Admin\AppData\Local\Programs\deemix-gui\deemix-gui.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "reg.exe query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3132
- - C:\Windows\system32\reg.exe
    reg.exe query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
    3⤵
    PID:2836
- C:\Users\Admin\AppData\Local\Programs\deemix-gui\deemix-gui.exe
  "C:\Users\Admin\AppData\Local\Programs\deemix-gui\deemix-gui.exe" --type=gpu-process --field-trial-handle=1840,4202466500657640270,11785584672938561165,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\deemix-gui" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4192
- C:\Users\Admin\AppData\Local\Programs\deemix-gui\deemix-gui.exe
  "C:\Users\Admin\AppData\Local\Programs\deemix-gui\deemix-gui.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,4202466500657640270,11785584672938561165,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=es --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\deemix-gui" --mojo-platform-channel-handle=2212 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:3516
- C:\Users\Admin\AppData\Local\Programs\deemix-gui\deemix-gui.exe
  "C:\Users\Admin\AppData\Local\Programs\deemix-gui\deemix-gui.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\deemix-gui" --app-path="C:\Users\Admin\AppData\Local\Programs\deemix-gui\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1840,4202466500657640270,11785584672938561165,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2312 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\deemix-gui\D3DCompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\Programs\deemix-gui\chrome_100_percent.pak

Filesize
139KB

MD5
109ee8ffd715c63e3e2248c2ad5ca559

SHA1
7f89b213e80e2b4f52f75b449baecb88054d5e07

SHA256
b581f176c6bdbf8a152947fb37af9c0e6d7651616408cb7312b336c37a704580

SHA512
3fc5e1de128ce0ddf6dddba758a651f4030323e5285b54859019eb95fb0ae11321ba9c391e8bc578acb7f49dd4d82821c4f9947f39972d79360fd2e6abc67de8

Download Submit
C:\Users\Admin\AppData\Local\Programs\deemix-gui\chrome_200_percent.pak

Filesize
203KB

MD5
3e50e56e351309566b7e3e5a5ca7c7b6

SHA1
3ef35792e0b9c3b902d4da59d0a4bb34590c5400

SHA256
abd207d3e55f0250b27ce23f2a15b0a5ff6f769c08f54e705e2fd0273dca5f1e

SHA512
b24b20fe5dd9766b86869c51b6d92fd3b191bc3a2cac8a4b43b781644958b49500a0fca3fc69781d9c5a80868508f1fa0af9bc1896dc73f944cf1af8546815f0

Download Submit
C:\Users\Admin\AppData\Local\Programs\deemix-gui\deemix-gui.exe

Filesize
130.8MB

MD5
a933fc57fe6943c53deb9511296fceec

SHA1
8f279df587a401df76c7a97387c91345fbb6a344

SHA256
b18e0ec04d0f2e14131c4af7bdc1c5ffb32b44f73551b92031a8c505b8d9a73b

SHA512
5a0f087980237d3c118bd7388030f1d4da218bdb340ed0469f98f6c942e857fe03dd85bbcb89f6c2efc395239450f164baabef45e896895c92f71cde88bc020d

Download Submit
C:\Users\Admin\AppData\Local\Programs\deemix-gui\deemix-gui.exe

Filesize
130.8MB

MD5
a933fc57fe6943c53deb9511296fceec

SHA1
8f279df587a401df76c7a97387c91345fbb6a344

SHA256
b18e0ec04d0f2e14131c4af7bdc1c5ffb32b44f73551b92031a8c505b8d9a73b

SHA512
5a0f087980237d3c118bd7388030f1d4da218bdb340ed0469f98f6c942e857fe03dd85bbcb89f6c2efc395239450f164baabef45e896895c92f71cde88bc020d

Download Submit
C:\Users\Admin\AppData\Local\Programs\deemix-gui\deemix-gui.exe

Filesize
130.8MB

MD5
a933fc57fe6943c53deb9511296fceec

SHA1
8f279df587a401df76c7a97387c91345fbb6a344

SHA256
b18e0ec04d0f2e14131c4af7bdc1c5ffb32b44f73551b92031a8c505b8d9a73b

SHA512
5a0f087980237d3c118bd7388030f1d4da218bdb340ed0469f98f6c942e857fe03dd85bbcb89f6c2efc395239450f164baabef45e896895c92f71cde88bc020d

Download Submit
C:\Users\Admin\AppData\Local\Programs\deemix-gui\deemix-gui.exe

Filesize
130.8MB

MD5
a933fc57fe6943c53deb9511296fceec

SHA1
8f279df587a401df76c7a97387c91345fbb6a344

SHA256
b18e0ec04d0f2e14131c4af7bdc1c5ffb32b44f73551b92031a8c505b8d9a73b

SHA512
5a0f087980237d3c118bd7388030f1d4da218bdb340ed0469f98f6c942e857fe03dd85bbcb89f6c2efc395239450f164baabef45e896895c92f71cde88bc020d

Download Submit
C:\Users\Admin\AppData\Local\Programs\deemix-gui\deemix-gui.exe

Filesize
130.8MB

MD5
a933fc57fe6943c53deb9511296fceec

SHA1
8f279df587a401df76c7a97387c91345fbb6a344

SHA256
b18e0ec04d0f2e14131c4af7bdc1c5ffb32b44f73551b92031a8c505b8d9a73b

SHA512
5a0f087980237d3c118bd7388030f1d4da218bdb340ed0469f98f6c942e857fe03dd85bbcb89f6c2efc395239450f164baabef45e896895c92f71cde88bc020d

Download Submit
C:\Users\Admin\AppData\Local\Programs\deemix-gui\deemix-gui.exe

Filesize
130.8MB

MD5
a933fc57fe6943c53deb9511296fceec

SHA1
8f279df587a401df76c7a97387c91345fbb6a344

SHA256
b18e0ec04d0f2e14131c4af7bdc1c5ffb32b44f73551b92031a8c505b8d9a73b

SHA512
5a0f087980237d3c118bd7388030f1d4da218bdb340ed0469f98f6c942e857fe03dd85bbcb89f6c2efc395239450f164baabef45e896895c92f71cde88bc020d

Download Submit
C:\Users\Admin\AppData\Local\Programs\deemix-gui\ffmpeg.dll

Filesize
2.6MB

MD5
002287b5dfe53d87c189f368c7f785b5

SHA1
00e6e0e224b5f391c0172008ec78ec5124153649

SHA256
b453afca000aef28c8f27a315a31f244c46755308dea8d9ad55d19a507471a6b

SHA512
c2b23dd13e3f1c009e2eb2e4aae7a9a4e713642a9031c1e51125c9f0c6c8c6430a2088dd5c20867a2e948c97ae9a9078535e96b5d06ea6c7bd7f67a2db2104aa

Download Submit
C:\Users\Admin\AppData\Local\Programs\deemix-gui\icudtl.dat

Filesize
9.7MB

MD5
224ba45e00bbbb237b34f0facbb550bf

SHA1
1b0f81da88149d9c610a8edf55f8f12a87ca67de

SHA256
8dee674ccd2387c14f01b746779c104e383d57b36c2bdc8e419c470a3d5ffadc

SHA512
c04d271288dd2eff89d91e31829586706eba95ffbab0b75c2d202a4037e66a4e2205e8a37ecf15116302c51239b1826064ed4670a3346439470b260aba0ea784

Download Submit
C:\Users\Admin\AppData\Local\Programs\deemix-gui\libegl.dll

Filesize
432KB

MD5
6efa8068776b4eadb3b9dfdef089ca68

SHA1
fa2023ecbcae030cddff3188c9d3c906cc69a64f

SHA256
fa59945648614e0ebf9f8eaf63500347da59a0d2e7484b6b5d4be6cf6ee917de

SHA512
70e6749841a384daa65f284c5d7a8afa358b03b38cc091819aa5545960834b9b4a394eccc19c0a1e290c5b33fbaaa56bd1d6d988b5da0a34e2e56dacde5b17d4

Download Submit
C:\Users\Admin\AppData\Local\Programs\deemix-gui\libglesv2.dll

Filesize
7.8MB

MD5
cdc3935fa97855b4f9d692702ea95ef9

SHA1
68939afd7f1f4a470d9328b068250c0b5fbab2c2

SHA256
eea91ba71fdec104e8d7c9fd24687ec4f1c308d79d6730ef58127a92025cc006

SHA512
3cdbd833e8311023d673315c2aebc8e19a17e5767dfa40ca2646ee094eeef27117961f581aaa4584fc639e9ec0195f98ea5454b397cf1cd2709b7772207381b5

Download Submit
C:\Users\Admin\AppData\Local\Programs\deemix-gui\locales\es.pak

Filesize
114KB

MD5
c7849e2c968c78cc4de1447395dbf8dc

SHA1
a8641721822c29c38eaea10a17c957d9712557ab

SHA256
2a5c127356c37feba93144ddf4184887ea75c51e5a109dc658aca99f658be83b

SHA512
d24471bd148bd7614826310b87f4bcef22c7db59d99ac7432760ca826458cc8059e9903c3f3166eca3301a57229454d892c61df51c1fe307bab33cc0c93dea66

Download Submit
C:\Users\Admin\AppData\Local\Programs\deemix-gui\resources.pak

Filesize
4.6MB

MD5
d98298d188d7ebed9b3e89a822f95df7

SHA1
a50523cc15f47abb6f1b50982db454e4e956ebc8

SHA256
0acd9cafd7c4fac398e85a6e008bad6d7ad34f90b0bfd207df330d3e69bcfa75

SHA512
24cd58294f12f0541d49d180c23b89796596a599d1fc4346d8155b552d765bad0e759c85dded98cf4f3c74ec150b98baf27528f0e864fd37f71dd41c90345791

Download Submit
C:\Users\Admin\AppData\Local\Programs\deemix-gui\resources\app.asar

Filesize
6.0MB

MD5
0d399791b7fe6e0d7d205db7589cd942

SHA1
0fb6d883fb6702221a4df5d01e34ddf6c45b1d06

SHA256
55cd53ac6df3039439ab7973784947d2d59d3da47bef3bed2d8551b9b7dbccf2

SHA512
85b8500cd1d48da0bf5a9a859a1a7d25881499f9d2fad7fe98cdbd8b752f9087b4c47194d236444fd6d90d0b0e40e2e8198cf87f14c32eac71555c015fe06226

Download Submit
C:\Users\Admin\AppData\Local\Programs\deemix-gui\v8_context_snapshot.bin

Filesize
160KB

MD5
1c153a96607d3e2c38f11a396533fc80

SHA1
42d11efbaa549ade29c341e6b8ad5a0545047c62

SHA256
18ad1a1abeec0230f2a3e38a80c00d4e298bb55d2bb76a2c8e8b113814023815

SHA512
c3ed01af43532d75c845152f35e844f730f6c7ee14f59ef77222a9b62c52354b4c995fc32b95369d888353da56c308dd32cdec97d34d2aab968e426018416248

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgB065.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgB065.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Roaming\deemix-gui\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
122b068d752619dcf1fa925bc464bc89

SHA1
67142ee6104f782505d8041069dcfb75de3972fe

SHA256
b73f36feb18bdc5c0492b71dba1ca6d2ec9613f0364209c90be61c2f4645dd36

SHA512
1bd14580e0427d1c390a4558c116f499ef15fceec7596ce29f68cbdf0a70bd4d851c45c9623b43d219b5fc80e6d325e195431e18c1bbc131fe0c581acc372676

Download Submit
C:\Users\Admin\AppData\Roaming\deemix-gui\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
c91f65dc3910c3347accdd204a8688c4

SHA1
c0b9eff2be5fd081445f887d567c28ee62fc135f

SHA256
1b0d78d7f0c6bc53c9771dcf3e5a9ad94effa59f3d7d2a4b76444f0d68ae5373

SHA512
2e51e5a70e49209832ee4ba6b247300aa10a8f119ec2c1e80ea53a1ca3e99debf7f7412d36edc328a35a3d70ff2258bcefc08e0a3711ee5b701a64388062e858

Download Submit
C:\Users\Admin\AppData\Roaming\deemix-gui\Network Persistent State

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
C:\Users\Admin\AppData\Roaming\deemix-gui\Network Persistent State

Filesize
636B

MD5
04a19e8d1eb55b73da507b2845d891a1

SHA1
b0b337cdc6f75a6c24caea42a947c5eef28d68b8

SHA256
b50b85cafe3a9cdb7243f2079707e19ab4e03e730f02e089f1ec7261ed78e366

SHA512
8afe827866869f3d50f0c90a2b6805d3f43b8da63e014361128679dd08fd31a57e976d5bbfc78ce0d72964d943efe7c0fb30939febe9adfaf5a59edb59c84d18

Download Submit
C:\Users\Admin\AppData\Roaming\deemix-gui\Network Persistent State~RFe59072a.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\deemix-gui\cfc812c7-452b-4f1e-a62f-13cbbe390c4d.tmp

Filesize
86B

MD5
8a9bbc2f833ed90104d3e81732369d1c

SHA1
488256a8361ef1496ad01a67dbf5eb4149aef667

SHA256
eccd0ffbf81c7646a3a23e4727206b08596cbc0c36597ddb13a8c6906ed89115

SHA512
ee423d4ceb3bfbd8a6d61cc48077e92c2f764d0135d58d07f2c742de9e936a86059d60c08998918fadb0e3e66eb25b3bdd49e4bb95e7a67dada71fc487a345ef

Download Submit
\Users\Admin\AppData\Local\Programs\deemix-gui\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
\Users\Admin\AppData\Local\Programs\deemix-gui\ffmpeg.dll

Filesize
2.6MB

MD5
002287b5dfe53d87c189f368c7f785b5

SHA1
00e6e0e224b5f391c0172008ec78ec5124153649

SHA256
b453afca000aef28c8f27a315a31f244c46755308dea8d9ad55d19a507471a6b

SHA512
c2b23dd13e3f1c009e2eb2e4aae7a9a4e713642a9031c1e51125c9f0c6c8c6430a2088dd5c20867a2e948c97ae9a9078535e96b5d06ea6c7bd7f67a2db2104aa

Download Submit
\Users\Admin\AppData\Local\Programs\deemix-gui\ffmpeg.dll

Filesize
2.6MB

MD5
002287b5dfe53d87c189f368c7f785b5

SHA1
00e6e0e224b5f391c0172008ec78ec5124153649

SHA256
b453afca000aef28c8f27a315a31f244c46755308dea8d9ad55d19a507471a6b

SHA512
c2b23dd13e3f1c009e2eb2e4aae7a9a4e713642a9031c1e51125c9f0c6c8c6430a2088dd5c20867a2e948c97ae9a9078535e96b5d06ea6c7bd7f67a2db2104aa

Download Submit
\Users\Admin\AppData\Local\Programs\deemix-gui\ffmpeg.dll

Filesize
2.6MB

MD5
002287b5dfe53d87c189f368c7f785b5

SHA1
00e6e0e224b5f391c0172008ec78ec5124153649

SHA256
b453afca000aef28c8f27a315a31f244c46755308dea8d9ad55d19a507471a6b

SHA512
c2b23dd13e3f1c009e2eb2e4aae7a9a4e713642a9031c1e51125c9f0c6c8c6430a2088dd5c20867a2e948c97ae9a9078535e96b5d06ea6c7bd7f67a2db2104aa

Download Submit
\Users\Admin\AppData\Local\Programs\deemix-gui\ffmpeg.dll

Filesize
2.6MB

MD5
002287b5dfe53d87c189f368c7f785b5

SHA1
00e6e0e224b5f391c0172008ec78ec5124153649

SHA256
b453afca000aef28c8f27a315a31f244c46755308dea8d9ad55d19a507471a6b

SHA512
c2b23dd13e3f1c009e2eb2e4aae7a9a4e713642a9031c1e51125c9f0c6c8c6430a2088dd5c20867a2e948c97ae9a9078535e96b5d06ea6c7bd7f67a2db2104aa

Download Submit
\Users\Admin\AppData\Local\Programs\deemix-gui\libEGL.dll

Filesize
432KB

MD5
6efa8068776b4eadb3b9dfdef089ca68

SHA1
fa2023ecbcae030cddff3188c9d3c906cc69a64f

SHA256
fa59945648614e0ebf9f8eaf63500347da59a0d2e7484b6b5d4be6cf6ee917de

SHA512
70e6749841a384daa65f284c5d7a8afa358b03b38cc091819aa5545960834b9b4a394eccc19c0a1e290c5b33fbaaa56bd1d6d988b5da0a34e2e56dacde5b17d4

Download Submit
\Users\Admin\AppData\Local\Programs\deemix-gui\libGLESv2.dll

Filesize
7.8MB

MD5
cdc3935fa97855b4f9d692702ea95ef9

SHA1
68939afd7f1f4a470d9328b068250c0b5fbab2c2

SHA256
eea91ba71fdec104e8d7c9fd24687ec4f1c308d79d6730ef58127a92025cc006

SHA512
3cdbd833e8311023d673315c2aebc8e19a17e5767dfa40ca2646ee094eeef27117961f581aaa4584fc639e9ec0195f98ea5454b397cf1cd2709b7772207381b5

Download Submit
\Users\Admin\AppData\Local\Temp\nsgB065.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsgB065.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsgB065.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
\Users\Admin\AppData\Local\Temp\nsgB065.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsgB065.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsgB065.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsgB065.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsgB065.tmp\nsDialogs.dll

Filesize
9KB

MD5
466179e1c8ee8a1ff5e4427dbb6c4a01

SHA1
eb607467009074278e4bd50c7eab400e95ae48f7

SHA256
1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172

SHA512
7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817

Download Submit
\Users\Admin\AppData\Local\Temp\nsgB065.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
\Users\Admin\AppData\Local\Temp\nsgB065.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/4192-277-0x000001FB70930000-0x000001FB70989000-memory.dmp

Filesize
356KB

Download
memory/4192-311-0x000001FB70930000-0x000001FB70989000-memory.dmp

Filesize
356KB

Download
memory/4192-262-0x00007FFC39A20000-0x00007FFC39A21000-memory.dmp

Filesize
4KB

Download