17f33fc2948678135831c58f5179572c04537f61f96ae0a6f4858c2264f288ae

Analysis

max time kernel
175s
max time network
45s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
02/11/2023, 23:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MAGIX.Vegas.Pro.v16.0.307.exe
Size

176.2MB
MD5

960c561779bf473de4ca03e7d7b1bf7e
SHA1

93bbb1078ec75f1c49fb5020948cc955a4ae65d1
SHA256

17f33fc2948678135831c58f5179572c04537f61f96ae0a6f4858c2264f288ae
SHA512

3f4d2ddfc869c26d8e5ba8ec8ba5524ee6e38ed95c7a2b61779758e446fa95df011b16efd1526b6e9f6d61fe144fad3d9d3a812fd1020f6d9abe529eaed4f8a7
SSDEEP

3145728:uI97T0J38xFNuZ3s/9gEbuDjYFoGR9MYcJlXmpT5WWBrlOL0JPJjnyh:nAJRZ8/CYM3lXm/RBZA4Jj0

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0006000000015ca2-27.dat	acprotect
behavioral1/memory/2080-29-0x00000000748A0000-0x00000000748A9000-memory.dmp	acprotect
behavioral1/memory/2080-39-0x00000000748A0000-0x00000000748A9000-memory.dmp	acprotect

Loads dropped DLL 8 IoCs

pid	Process
2080	MAGIX.Vegas.Pro.v16.0.307.exe
2080	MAGIX.Vegas.Pro.v16.0.307.exe
2080	MAGIX.Vegas.Pro.v16.0.307.exe
2080	MAGIX.Vegas.Pro.v16.0.307.exe
2080	MAGIX.Vegas.Pro.v16.0.307.exe
2080	MAGIX.Vegas.Pro.v16.0.307.exe
2080	MAGIX.Vegas.Pro.v16.0.307.exe
2080	MAGIX.Vegas.Pro.v16.0.307.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0006000000015ca2-27.dat	upx
behavioral1/memory/2080-29-0x00000000748A0000-0x00000000748A9000-memory.dmp	upx
behavioral1/memory/2080-39-0x00000000748A0000-0x00000000748A9000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2080	MAGIX.Vegas.Pro.v16.0.307.exe
Token: SeShutdownPrivilege	1768	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1768	msiexec.exe
Token: SeRestorePrivilege	888	msiexec.exe
Token: SeTakeOwnershipPrivilege	888	msiexec.exe
Token: SeSecurityPrivilege	888	msiexec.exe
Token: SeCreateTokenPrivilege	1768	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1768	msiexec.exe
Token: SeLockMemoryPrivilege	1768	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1768	msiexec.exe
Token: SeMachineAccountPrivilege	1768	msiexec.exe
Token: SeTcbPrivilege	1768	msiexec.exe
Token: SeSecurityPrivilege	1768	msiexec.exe
Token: SeTakeOwnershipPrivilege	1768	msiexec.exe
Token: SeLoadDriverPrivilege	1768	msiexec.exe
Token: SeSystemProfilePrivilege	1768	msiexec.exe
Token: SeSystemtimePrivilege	1768	msiexec.exe
Token: SeProfSingleProcessPrivilege	1768	msiexec.exe
Token: SeIncBasePriorityPrivilege	1768	msiexec.exe
Token: SeCreatePagefilePrivilege	1768	msiexec.exe
Token: SeCreatePermanentPrivilege	1768	msiexec.exe
Token: SeBackupPrivilege	1768	msiexec.exe
Token: SeRestorePrivilege	1768	msiexec.exe
Token: SeShutdownPrivilege	1768	msiexec.exe
Token: SeDebugPrivilege	1768	msiexec.exe
Token: SeAuditPrivilege	1768	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1768	msiexec.exe
Token: SeChangeNotifyPrivilege	1768	msiexec.exe
Token: SeRemoteShutdownPrivilege	1768	msiexec.exe
Token: SeUndockPrivilege	1768	msiexec.exe
Token: SeSyncAgentPrivilege	1768	msiexec.exe
Token: SeEnableDelegationPrivilege	1768	msiexec.exe
Token: SeManageVolumePrivilege	1768	msiexec.exe
Token: SeImpersonatePrivilege	1768	msiexec.exe
Token: SeCreateGlobalPrivilege	1768	msiexec.exe
Token: SeShutdownPrivilege	2240	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2240	msiexec.exe
Token: SeCreateTokenPrivilege	2240	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2240	msiexec.exe
Token: SeLockMemoryPrivilege	2240	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2240	msiexec.exe
Token: SeMachineAccountPrivilege	2240	msiexec.exe
Token: SeTcbPrivilege	2240	msiexec.exe
Token: SeSecurityPrivilege	2240	msiexec.exe
Token: SeTakeOwnershipPrivilege	2240	msiexec.exe
Token: SeLoadDriverPrivilege	2240	msiexec.exe
Token: SeSystemProfilePrivilege	2240	msiexec.exe
Token: SeSystemtimePrivilege	2240	msiexec.exe
Token: SeProfSingleProcessPrivilege	2240	msiexec.exe
Token: SeIncBasePriorityPrivilege	2240	msiexec.exe
Token: SeCreatePagefilePrivilege	2240	msiexec.exe
Token: SeCreatePermanentPrivilege	2240	msiexec.exe
Token: SeBackupPrivilege	2240	msiexec.exe
Token: SeRestorePrivilege	2240	msiexec.exe
Token: SeShutdownPrivilege	2240	msiexec.exe
Token: SeDebugPrivilege	2240	msiexec.exe
Token: SeAuditPrivilege	2240	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2240	msiexec.exe
Token: SeChangeNotifyPrivilege	2240	msiexec.exe
Token: SeRemoteShutdownPrivilege	2240	msiexec.exe
Token: SeUndockPrivilege	2240	msiexec.exe
Token: SeSyncAgentPrivilege	2240	msiexec.exe
Token: SeEnableDelegationPrivilege	2240	msiexec.exe
Token: SeManageVolumePrivilege	2240	msiexec.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2240	msiexec.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 1768	2080	MAGIX.Vegas.Pro.v16.0.307.exe	31
PID 2080 wrote to memory of 1768	2080	MAGIX.Vegas.Pro.v16.0.307.exe	31
PID 2080 wrote to memory of 1768	2080	MAGIX.Vegas.Pro.v16.0.307.exe	31
PID 2080 wrote to memory of 1768	2080	MAGIX.Vegas.Pro.v16.0.307.exe	31
PID 2080 wrote to memory of 1768	2080	MAGIX.Vegas.Pro.v16.0.307.exe	31
PID 2080 wrote to memory of 1768	2080	MAGIX.Vegas.Pro.v16.0.307.exe	31
PID 2080 wrote to memory of 1768	2080	MAGIX.Vegas.Pro.v16.0.307.exe	31
PID 2080 wrote to memory of 2240	2080	MAGIX.Vegas.Pro.v16.0.307.exe	33
PID 2080 wrote to memory of 2240	2080	MAGIX.Vegas.Pro.v16.0.307.exe	33
PID 2080 wrote to memory of 2240	2080	MAGIX.Vegas.Pro.v16.0.307.exe	33
PID 2080 wrote to memory of 2240	2080	MAGIX.Vegas.Pro.v16.0.307.exe	33
PID 2080 wrote to memory of 2240	2080	MAGIX.Vegas.Pro.v16.0.307.exe	33
PID 2080 wrote to memory of 2240	2080	MAGIX.Vegas.Pro.v16.0.307.exe	33
PID 2080 wrote to memory of 2240	2080	MAGIX.Vegas.Pro.v16.0.307.exe	33

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.Pro.v16.0.307.exe
"C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.Pro.v16.0.307.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\SysWOW64\msiexec.exe
  msiexec.exe /x {0A119E00-A098-11E8-A73C-00155D6302F2} /qn
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1768
- C:\Windows\SysWOW64\msiexec.exe
  msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\MVP16\vegas160.msi" /qb TRANSFORMS=ru.mst SF_INSTALL_DESKTOP_SHORTCUTS=1 APPDIR="C:\Program Files\VEGAS\Vegas Pro 16\"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2240

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:888

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:1360

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000494" "00000000000003B0"
1⤵
PID:2924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\MVP16\Program Files\VEGAS\Shared Plug-Ins\Help Files\mchammer_x64_esp.chm

Filesize
11KB

MD5
174a41bafb43045e170b4419c3f518cb

SHA1
69150c318384d2109b286f5c195abee5212a7830

SHA256
b3fa12b21aa606ad6b8fe57141a081c675acf9ff078349859eb7eaf20cea7792

SHA512
e3f1db1bcd21c2aadf0fc805ab63223a296e77d076b72d32764f154c15cd67744b5194be096d8701199ea0b12ccf8edd1e72b358cc93538297227a8c4a560acb

Download Submit
C:\Users\Admin\AppData\Local\Temp\MVP16\Program Files\VEGAS\VEGAS Pro 16.0\FileIO Plug-Ins\mxavcaacplug\mxavcaacplug.chm

Filesize
43KB

MD5
0f1fb541827cc6bcc3dbb777c00ca3ed

SHA1
18e68b072c1f24eadb0fe10353ca2725eb1e6869

SHA256
7c770fdb34b37cb6140c8adf3482613aa72dc51f989b9915ff7c45f882a1a81a

SHA512
d26a6d94cafb33880c4bfaa67a687e3a3d68a3851ebacead9a590d611b23e8c1194bb99296f4ac540c0e39790716a80deda52686fb335a2b1611f6abc8c7f8f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MVP16\Program Files\VEGAS\VEGAS Pro 16.0\FileIO Plug-Ins\mxavcaacplug\mxavcaacplug_deu.chm

Filesize
16KB

MD5
b28fb870f7ac1fc58835cd538f0b3827

SHA1
6535d439db0938e9ca0779e07c6751a111c00183

SHA256
a21893c188660edbfc3700f646316d496bcf7ded8603ef6c9f7852d02ed437ef

SHA512
88fe27c5ee62293ea08f54d0e30d96e37123590ce80dc8b77dc4bb338e03e11c363dce7c75a41824596ea2e55e290bf4d69b9e48e66e870d6bb4e10323d2a78d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MVP16\Program Files\VEGAS\VEGAS Pro 16.0\FileIO Plug-Ins\mxavcaacplug\mxavcaacplug_esp.chm

Filesize
16KB

MD5
d403b68f94df24047f1f5c06ceb438ff

SHA1
fd41dd09cab1c9b522826715876fc050d3b444ae

SHA256
48a9e9e9a1e5acb2d9afc5622b7decee6b9842a7c639b596247e3dee294b4421

SHA512
45e080281977fad0ce4e2bd268824309d1edca0ff97720ba0aa10d11cab2c0699fbf8746fe68ffc97657787b4bd051a006f48cc28ceb7bd4a2b882eb19e498bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\MVP16\Program Files\VEGAS\VEGAS Pro 16.0\FileIO Plug-Ins\mxavcaacplug\mxavcaacplug_fra.chm

Filesize
16KB

MD5
24bacd15fc74bb26c48bc6d5b8ce4c98

SHA1
d1f1366025fd2bf0dd5d0a0b3508bc352e77a940

SHA256
c0ca2de16679f5b6f62359cd22bdf69bd5b92dbea96909d6d5537d08c426fc4f

SHA512
fa714f4e227c4e0ab6bf055bf8df7c60f59e3c3dc9f36120c770894cba67eb258269d2a3a285f730b1cbd2544811f504aff64c318fd32fba0fbe562317193f0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MVP16\Program Files\VEGAS\VEGAS Pro 16.0\Language\local_en_US.cfg

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Local\Temp\MVP16\Program Files\VEGAS\VEGAS Pro 16.0\OFX Video Plug-Ins\MagixCVFx.ofx.bundle\Contents\Presets\PresetPackage.xml

Filesize
3KB

MD5
83b5d05bef968ece141c8d97ef3aa5d7

SHA1
4833bcad14fc375cb196203386396b45a551b1cf

SHA256
30ea203709fc6340e1c7cd3b68de68f1db931e77b8f97a77fa3ae5d43034c41d

SHA512
2ed345bb3944ea77e0b49c50d87fcf2a9c7be5a034578d0571b2e737466f78de59e7df534afdecaeb02827ca2e16f9efb7d1e5dd8d3714246ab8fa5cd71138d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\MVP16\Program Files\VEGAS\VEGAS Pro 16.0\OFX Video Plug-Ins\spica_cutout.ofx.bundle\Contents\Resources\spica_cutout.zh-CN.xml

Filesize
2KB

MD5
aeecafded05bd66493d95f415cfa747c

SHA1
886ee151d5f69758da83ca32ec313275c5589498

SHA256
ea1d6a4ec728d85fbb8866fca4fc407fd844b6531128c7d547e96fc443156478

SHA512
5bd27247a571a43f161dd039bcc19018516341c6a1a72cc879541d31f3a951561fe2f2165d7de88334187632c768de8d99aa5e66c07baec5566c332f022c6333

Download Submit
C:\Users\Admin\AppData\Local\Temp\MVP16\Program Files\VEGAS\VEGAS Pro 16.0\OFX Video Plug-Ins\spica_resizer.ofx.bundle\Contents\Resources\spica_resizer.zh-CN.xml

Filesize
2KB

MD5
ccf31630eae7630ac54ce9a8f5958868

SHA1
05fb373321c1a0ed119fc32101039dbb6dd282f8

SHA256
4eb2691257e50339743c46c82c9f00966d5e2bc955c59486db3f3c7dd9c3258a

SHA512
8f5ce74f0baa213e49a3f66f3ce0434bd634ba32f348df457d1d6e276f5cedcd9e140ac4d4d7262110d02330f1f9a1ad45bec1f066444413cab4e260e109dfff

Download Submit
C:\Users\Admin\AppData\Local\Temp\MVP16\Program Files\VEGAS\VEGAS Pro 16.0\Protein\Forms\UnlockFormMail_sv_SE.rtf

Filesize
3KB

MD5
8d5febaf076595b31939039fed55668f

SHA1
1cdb60fa10ba517dceaee8cd234521655b20e7e0

SHA256
0abfe47beacb7b95510606e3a7a33032f661656e2ea16d496b0720c2b12492d4

SHA512
be850e4a67a2759b7d62c17e85f8c2193318d8dad9de01e37f72fb70b90c9afc7d669c9c2f20a5ca4feb9cd5487f40414355638fd2bb960c53e053f9b4815df5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MVP16\Program Files\VEGAS\VEGAS Pro 16.0\Protein\Forms\UnlockFormServiceCenter_en_UK.rtf

Filesize
2KB

MD5
fa703609338cc05f182d4d0d7d07fb1c

SHA1
cc34fc7d8282a2fc2bc4610ac671dce0b82661f7

SHA256
5a31feaa4bdbc96da11a4f68a7fcb36bb791dc073b41e109f7d085dd008790bc

SHA512
05e30eed8c0d921e721d3382dc26bbbef047ce77564c5926c122477500f28ae11e63522e93dd119436717878fa065d4d83e02f33d2c4e71c2c9eb1ca73412e08

Download Submit
C:\Users\Admin\AppData\Local\Temp\MVP16\ru.mst

Filesize
20KB

MD5
afb64da300c754a216b0e93a67f0d8b6

SHA1
eaaa4cd9d7b79b89c31769339db03b381feacee2

SHA256
340f1ca2b64fc1325e533cb9825487ad9732a9410d35a34894e0bbfd67f741f5

SHA512
16e58a3c641ec59a2efb5204d58e0882d4448c0569795f1d6409d50872603d655b718d3fd3d303c08f1f1a29f5d3d10073e71783585c25ef010737433bfdfa7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\MVP16\vegas160.msi

Filesize
2.6MB

MD5
62973c4bb312d11f18967890cfa8caaa

SHA1
fb38f0e6391f50c714b0f74bb5d1c3ebd982103d

SHA256
fae35e427e79275de2eaa47baa691b2438f93181ff4260056f0ffa97702d7b55

SHA512
44fdbc1d86a8620e816eff054d6875e268fc655fda4a4cd26a2cd46ca24dfc9b3dc574a825eafed0a3648a5b673b671cdaa03ad3461c78fd4a24fbce7bdf726f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy55AF.tmp\nsExec.dll

Filesize
6KB

MD5
132e6153717a7f9710dcea4536f364cd

SHA1
e39bc82c7602e6dd0797115c2bd12e872a5fb2ab

SHA256
d29afce2588d8dd7bb94c00ca91cac0e85b80ffa6b221f5ffcb83a2497228eb2

SHA512
9aeb0b3051ce07fb9f03dfee7cea4a5e423425e48cb538173bd2a167817f867a30bd4d27d07875f27ca00031745b24547030b7f146660b049fa717590f1c77e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy55AF.tmp\repackme.gif

Filesize
6KB

MD5
23d3840adb8f4f1efc083a1f7e640191

SHA1
adf0c7daa49637767b2abe2f390d1da4780eea9c

SHA256
82a1454402156d74f4f23c992d5d772b665546208eff44790871b8dcb36d2304

SHA512
7743a17141581ffa8023097678bf2eaf6db7d337af45052d00caba74f21f13e7ffa95097b629c3a28a3366eda873afdce240344adfdf7c0ef662a0ba0fe6db25

Download Submit
\Users\Admin\AppData\Local\Temp\nsy55AF.tmp\Aero.dll

Filesize
6KB

MD5
869c5949a10b32d3a31966cc5291301b

SHA1
329080c974d593ecdefd02afa38dd663a10331c4

SHA256
b19961de6ca07e08704d6372718542f70dbbb203e59bf9bbe3a58f6e069a625c

SHA512
3b9dde16e9ca803b1048243dbf29c717ac0472dffa764542c234318a960828834aa650b1dfb8bba66c4e7a9ce3aaf453829afc57dfb33dc8c311d203150d4fca

Download Submit
\Users\Admin\AppData\Local\Temp\nsy55AF.tmp\LangDLL.dll

Filesize
5KB

MD5
a1cd3f159ef78d9ace162f067b544fd9

SHA1
72671fdf4bfeeb99b392685bf01081b4a0b3ae66

SHA256
47b9e251c9c90f43e3524965aecc07bd53c8e09c5b9f9862b44c306667e2b0b6

SHA512
ccc70166c7d7746cd42cd0cec322b2adf4a478ff67c35d465f0f0f5b2b369c996a95557b678c09cb21b8311d8a91eed4196ddc218ea7d510f81464669b911362

Download Submit
\Users\Admin\AppData\Local\Temp\nsy55AF.tmp\System.dll

Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
\Users\Admin\AppData\Local\Temp\nsy55AF.tmp\newadvsplash.dll

Filesize
8KB

MD5
55a723e125afbc9b3a41d46f41749068

SHA1
01618b26fec6b8c6bdb866e6e4d0f7a0529fe97c

SHA256
0a70cc4b93d87ecd93e538cfbed7c9a4b8b5c6f1042c6069757bda0d1279ed06

SHA512
559157fa1b3eb6ae1f9c0f2c71ccc692a0a0affb1d6498a8b8db1436d236fd91891897ac620ed5a588beba2efa43ef064211a7fcadb5c3a3c5e2be1d23ef9d4c

Download Submit
\Users\Admin\AppData\Local\Temp\nsy55AF.tmp\nsDialogs.dll

Filesize
9KB

MD5
4ccc4a742d4423f2f0ed744fd9c81f63

SHA1
704f00a1acc327fd879cf75fc90d0b8f927c36bc

SHA256
416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6

SHA512
790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb

Download Submit
\Users\Admin\AppData\Local\Temp\nsy55AF.tmp\nsExec.dll

Filesize
6KB

MD5
132e6153717a7f9710dcea4536f364cd

SHA1
e39bc82c7602e6dd0797115c2bd12e872a5fb2ab

SHA256
d29afce2588d8dd7bb94c00ca91cac0e85b80ffa6b221f5ffcb83a2497228eb2

SHA512
9aeb0b3051ce07fb9f03dfee7cea4a5e423425e48cb538173bd2a167817f867a30bd4d27d07875f27ca00031745b24547030b7f146660b049fa717590f1c77e1

Download Submit
\Users\Admin\AppData\Local\Temp\nsy55AF.tmp\nsExec.dll

Filesize
6KB

MD5
132e6153717a7f9710dcea4536f364cd

SHA1
e39bc82c7602e6dd0797115c2bd12e872a5fb2ab

SHA256
d29afce2588d8dd7bb94c00ca91cac0e85b80ffa6b221f5ffcb83a2497228eb2

SHA512
9aeb0b3051ce07fb9f03dfee7cea4a5e423425e48cb538173bd2a167817f867a30bd4d27d07875f27ca00031745b24547030b7f146660b049fa717590f1c77e1

Download Submit
\Users\Admin\AppData\Local\Temp\nsy55AF.tmp\nsis7z.dll

Filesize
391KB

MD5
c6a070b3e68b292bb0efc9b26e85e9cc

SHA1
5a922b96eda6595a68fd0a9051236162ff2e2ada

SHA256
66ac8bd1f273a73e17a3f31d6add739d3cb0330a6417faeda11a9cae00b62d8b

SHA512
8eff8fc16f5bb574bd9483e3b217b67a8986e31497368c06fdaa3a1e93a40aee94a5b31729d01905157b0ae1e556a402f43cd29a4d30a0587e1ec334458a44e8

Download Submit
memory/2080-29-0x00000000748A0000-0x00000000748A9000-memory.dmp

Filesize
36KB

Download
memory/2080-39-0x00000000748A0000-0x00000000748A9000-memory.dmp

Filesize
36KB

Download