2903657263c3670e4d0ce60bac9a90c63400e365e8e0349b536473bbfcbd51ed

Analysis

max time kernel
4s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 01:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8526b8f067b859b6664b8b45f0d1dd17940515b5f7a6e85eef5013fe6c678afa.exe
Size

3.8MB
MD5

91f48db9e99e6c6244d1b9fe09457cff
SHA1

5b7875bed9ebeda5c062ff27b551f80fbff860a3
SHA256

8526b8f067b859b6664b8b45f0d1dd17940515b5f7a6e85eef5013fe6c678afa
SHA512

42a897869b1e669f6e773f478e94dee79ba00fb9a10a07a8a290d6e38b739e28bddb0e9d718efe059df0ce87069d0082dd669e9f2b976d31cad0ba0d7b1b4c0b
SSDEEP

98304:XS3aG0qGL02DkJqOwhl7/CgqiN17zqyHHX:BNL02gJ+l7/Cf+7zVHX

Score

8^/10

evasion

Malware Config

Signatures

Stops running service(s) 3 TTPs
evasion

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Drops file in Program Files directory 5 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Stagsi\InitialSup.json	8526b8f067b859b6664b8b45f0d1dd17940515b5f7a6e85eef5013fe6c678afa.exe
File created	C:\Program Files (x86)\Stagsi\76889a56-dec4-45f5-a53c-d00b22dc7292	Sup.exe
File created	C:\Program Files (x86)\Stagsi\SupStub.bat	8526b8f067b859b6664b8b45f0d1dd17940515b5f7a6e85eef5013fe6c678afa.exe
File created	C:\Program Files (x86)\Stagsi\Supper.exe	8526b8f067b859b6664b8b45f0d1dd17940515b5f7a6e85eef5013fe6c678afa.exe
File created	C:\Program Files (x86)\Stagsi\InitialSup.exe	8526b8f067b859b6664b8b45f0d1dd17940515b5f7a6e85eef5013fe6c678afa.exe

Executes dropped EXE 1 IoCs

pid	Process
2888	Sup.exe

Launches sc.exe 2 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
2808	sc.exe
2844	sc.exe

Loads dropped DLL 1 IoCs

pid	Process
2680	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Kills process with taskkill 1 IoCs

evasion

pid	Process
2792	taskkill.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2888	Sup.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2792	taskkill.exe
Token: SeDebugPrivilege	2888	Sup.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2476	8526b8f067b859b6664b8b45f0d1dd17940515b5f7a6e85eef5013fe6c678afa.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2476	8526b8f067b859b6664b8b45f0d1dd17940515b5f7a6e85eef5013fe6c678afa.exe

Suspicious use of WriteProcessMemory 23 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 2680	2476	8526b8f067b859b6664b8b45f0d1dd17940515b5f7a6e85eef5013fe6c678afa.exe	28
PID 2476 wrote to memory of 2680	2476	8526b8f067b859b6664b8b45f0d1dd17940515b5f7a6e85eef5013fe6c678afa.exe	28
PID 2476 wrote to memory of 2680	2476	8526b8f067b859b6664b8b45f0d1dd17940515b5f7a6e85eef5013fe6c678afa.exe	28
PID 2476 wrote to memory of 2680	2476	8526b8f067b859b6664b8b45f0d1dd17940515b5f7a6e85eef5013fe6c678afa.exe	28
PID 2680 wrote to memory of 2808	2680	cmd.exe	30
PID 2680 wrote to memory of 2808	2680	cmd.exe	30
PID 2680 wrote to memory of 2808	2680	cmd.exe	30
PID 2680 wrote to memory of 2808	2680	cmd.exe	30
PID 2680 wrote to memory of 2844	2680	cmd.exe	31
PID 2680 wrote to memory of 2844	2680	cmd.exe	31
PID 2680 wrote to memory of 2844	2680	cmd.exe	31
PID 2680 wrote to memory of 2844	2680	cmd.exe	31
PID 2680 wrote to memory of 2792	2680	cmd.exe	32
PID 2680 wrote to memory of 2792	2680	cmd.exe	32
PID 2680 wrote to memory of 2792	2680	cmd.exe	32
PID 2680 wrote to memory of 2792	2680	cmd.exe	32
PID 2680 wrote to memory of 2888	2680	cmd.exe	34
PID 2680 wrote to memory of 2888	2680	cmd.exe	34
PID 2680 wrote to memory of 2888	2680	cmd.exe	34
PID 2680 wrote to memory of 2888	2680	cmd.exe	34
PID 2680 wrote to memory of 2888	2680	cmd.exe	34
PID 2680 wrote to memory of 2888	2680	cmd.exe	34
PID 2680 wrote to memory of 2888	2680	cmd.exe	34

C:\Users\Admin\AppData\Local\Temp\8526b8f067b859b6664b8b45f0d1dd17940515b5f7a6e85eef5013fe6c678afa.exe
"C:\Users\Admin\AppData\Local\Temp\8526b8f067b859b6664b8b45f0d1dd17940515b5f7a6e85eef5013fe6c678afa.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Program Files (x86)\Stagsi\SupStub.bat" /install /archive "C:\Users\Admin\AppData\Local\Temp\8526b8f067b859b6664b8b45f0d1dd17940515b5f7a6e85eef5013fe6c678afa.exe" /offset 520716,2829606 /fresh"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Windows\SysWOW64\sc.exe
    sc stop Sup_Stagsi
    3⤵
    - Launches sc.exe
    PID:2808
- - C:\Windows\SysWOW64\sc.exe
    sc delete Sup_Stagsi
    3⤵
    - Launches sc.exe
    PID:2844
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /im Sup.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2792
- - C:\Program Files (x86)\Stagsi\Sup.exe
    Sup /install /archive "C:\Users\Admin\AppData\Local\Temp\8526b8f067b859b6664b8b45f0d1dd17940515b5f7a6e85eef5013fe6c678afa.exe" /offset 520716,2829606 /fresh
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2888
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Program Files (x86)\Stagsi\_update\pre\run.bat""
      4⤵
      PID:2632
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo Sup /install /archive "C:\Users\Admin\AppData\Local\Temp\8526b8f067b859b6664b8b45f0d1dd17940515b5f7a6e85eef5013fe6c678afa.exe" /offset 520716,2829606 /fresh "
        5⤵
        
        PID:2572
    - - C:\Windows\SysWOW64\find.exe
        
        find "/fresh"
        5⤵
        
        PID:760
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 124 -InterruptEvent 0 -NGENProcess 114 -Pipe 120 -Comment "NGen Worker Process"
        5⤵
        
        PID:892
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 124 -InterruptEvent 0 -NGENProcess 114 -Pipe 120 -Comment "NGen Worker Process"
        6⤵
        
        PID:2516
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Program Files (x86)\Stagsi\_update\post\run.bat""
      4⤵
      PID:2924
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319"\ngen install "C:\Program Files (x86)\Stagsi\Soletude.Common.dll"
        5⤵
        
        PID:680
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 124 -InterruptEvent 0 -NGENProcess 114 -Pipe 120 -Comment "NGen Worker Process"
        6⤵
        
        PID:1604
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 114 -InterruptEvent 0 -NGENProcess 198 -Pipe 12c -Comment "NGen Worker Process"
        6⤵
        
        PID:2672
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319"\ngen install "C:\Program Files (x86)\Stagsi\Soletude.Components.dll"
        5⤵
        
        PID:1760
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 180 -InterruptEvent 0 -NGENProcess 114 -Pipe 184 -Comment "NGen Worker Process"
        6⤵
        
        PID:2692
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319"\ngen install "C:\Program Files (x86)\Stagsi\Soletude.Components.FileAssociations.dll"
        5⤵
        
        PID:2632
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 184 -InterruptEvent 0 -NGENProcess 12c -Pipe 124 -Comment "NGen Worker Process"
        6⤵
        
        PID:1040
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319"\ngen install "C:\Program Files (x86)\Stagsi\Soletude.Stags.Library.dll"
        5⤵
        
        PID:2416
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 124 -InterruptEvent 0 -NGENProcess 114 -Pipe 120 -Comment "NGen Worker Process"
        6⤵
        
        PID:1708
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 1a4 -InterruptEvent 0 -NGENProcess 180 -Pipe 18c -Comment "NGen Worker Process"
        6⤵
        
        PID:1724
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 184 -InterruptEvent 0 -NGENProcess 12c -Pipe 124 -Comment "NGen Worker Process"
        6⤵
        
        PID:1168
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 1c4 -InterruptEvent 0 -NGENProcess 1cc -Pipe 1d8 -Comment "NGen Worker Process"
        6⤵
        
        PID:1036
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319"\ngen install "C:\Program Files (x86)\Stagsi\Soletude.Stagsi.Plugins.dll"
        5⤵
        
        PID:2792
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 124 -InterruptEvent 0 -NGENProcess 114 -Pipe 120 -Comment "NGen Worker Process"
        6⤵
        
        PID:392
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 184 -InterruptEvent 0 -NGENProcess 12c -Pipe 124 -Comment "NGen Worker Process"
        6⤵
        
        PID:3000
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319"\ngen install "C:\Program Files (x86)\Stagsi\System.Data.SQLite.dll"
        5⤵
        
        PID:2356
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319"\ngen install "C:\Program Files (x86)\Stagsi\XmpCore.dll"
        5⤵
        
        PID:2332
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 124 -InterruptEvent 0 -NGENProcess 11c -Pipe 114 -Comment "NGen Worker Process"
        6⤵
        
        PID:2284
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319"\ngen install "C:\Program Files (x86)\Stagsi\en\Soletude.Stags.Library.resources.dll"
        5⤵
        
        PID:1676
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319"\ngen install "C:\Program Files (x86)\Stagsi\en\Stagsi.resources.dll"
        5⤵
        
        PID:1100
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 184 -InterruptEvent 0 -NGENProcess 12c -Pipe 124 -Comment "NGen Worker Process"
        6⤵
        
        PID:2588
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319"\ngen install "C:\Program Files (x86)\Stagsi\Plugins\psd2pixels.dll"
        5⤵
        
        PID:2712
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 184 -InterruptEvent 0 -NGENProcess 12c -Pipe 124 -Comment "NGen Worker Process"
        6⤵
        
        PID:2576
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319"\ngen install "C:\Program Files (x86)\Stagsi\Plugins\PsdPlugin.dll"
        5⤵
        
        PID:892
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 198 -InterruptEvent 0 -NGENProcess 188 -Pipe 11c -Comment "NGen Worker Process"
        6⤵
        
        PID:1284
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319"\ngen install "C:\Program Files (x86)\Stagsi\Plugins\TxtPlugin.dll"
        5⤵
        
        PID:1328
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 124 -InterruptEvent 0 -NGENProcess 114 -Pipe 120 -Comment "NGen Worker Process"
        6⤵
        
        PID:2368
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 198 -InterruptEvent 0 -NGENProcess 188 -Pipe 11c -Comment "NGen Worker Process"
        6⤵
        
        PID:2880
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319"\ngen install "C:\Program Files (x86)\Stagsi\Plugins\WpfPlugin.dll"
        5⤵
        
        PID:3004
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 124 -InterruptEvent 0 -NGENProcess 114 -Pipe 120 -Comment "NGen Worker Process"
        6⤵
        
        PID:1872
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 19c -InterruptEvent 0 -NGENProcess 18c -Pipe 1a4 -Comment "NGen Worker Process"
        6⤵
        
        PID:2028
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319"\ngen install "C:\Program Files (x86)\Stagsi\Plugins\XamlTune.dll"
        5⤵
        
        PID:1952
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 124 -InterruptEvent 0 -NGENProcess 114 -Pipe 120 -Comment "NGen Worker Process"
        6⤵
        
        PID:2428
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 114 -InterruptEvent 0 -NGENProcess 198 -Pipe 12c -Comment "NGen Worker Process"
        6⤵
        
        PID:2000
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319"\ngen install "C:\Program Files (x86)\Stagsi\Plugins\XamlTunePlugin.dll"
        5⤵
        
        PID:2824
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 198 -InterruptEvent 0 -NGENProcess 188 -Pipe 11c -Comment "NGen Worker Process"
        6⤵
        
        PID:852
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319"\ngen install "C:\Program Files (x86)\Stagsi\ru\Soletude.Stags.Library.resources.dll"
        5⤵
        
        PID:1856
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319"\ngen install "C:\Program Files (x86)\Stagsi\ru\Stagsi.resources.dll"
        5⤵
        
        PID:2844
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 124 -InterruptEvent 0 -NGENProcess 114 -Pipe 120 -Comment "NGen Worker Process"
        6⤵
        
        PID:1672
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 184 -InterruptEvent 0 -NGENProcess 12c -Pipe 124 -Comment "NGen Worker Process"
        6⤵
        
        PID:1752
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319"\ngen install "C:\Program Files (x86)\Stagsi\x86\SQLite.Interop.dll"
        5⤵
        
        PID:2812
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319"\ngen install "C:\Program Files (x86)\Stagsi\x64\SQLite.Interop.dll"
        5⤵
        
        PID:2568

C:\Windows\SysWOW64\find.exe
find "/fresh"
1⤵
PID:1912

C:\Program Files (x86)\Stagsi\Sup.exe
Sup /pipe - "C:\Program Files (x86)\Stagsi\_update\post\extra.bat" /1
1⤵
PID:2532

C:\Program Files (x86)\Stagsi\Sup.exe
"C:\Program Files (x86)\Stagsi\Sup.exe" /service
1⤵
PID:984
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Program Files (x86)\Stagsi\_update\post\extra.bat" /1"
  2⤵
  PID:1760
- - C:\Program Files (x86)\Stagsi\_update\post\Supper.exe
    "C:\Program Files (x86)\Stagsi\_update\post\Supper" shortcut "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\Stagsi - find by hash.lnk" "C:\Program Files (x86)\Stagsi\Stagsi.exe" /arg /hash
    3⤵
    PID:2192
- - C:\Program Files (x86)\Stagsi\_update\post\Supper.exe
    "C:\Program Files (x86)\Stagsi\_update\post\Supper" shortcut "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\Stagsi - import.lnk" "C:\Program Files (x86)\Stagsi\Stagsi.exe" /arg /import
    3⤵
    PID:1628
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 124 -InterruptEvent 0 -NGENProcess 114 -Pipe 120 -Comment "NGen Worker Process"
    3⤵
    PID:2748
- C:\Program Files (x86)\Stagsi\Stagsi.exe
  "C:\Program Files (x86)\Stagsi\Stagsi.exe"
  2⤵
  PID:2156

C:\Program Files (x86)\Stagsi\_update\post\Supper.exe
"C:\Program Files (x86)\Stagsi\_update\post\Supper" shortcut Uninstall.lnk "C:\Program Files (x86)\Stagsi\Sup.exe" /arg "/uninstall /archive Uninstall.zip"
1⤵
PID:1512

C:\Program Files (x86)\Stagsi\Sup.exe
Sup /uninstall:add /archive Uninstall.zip /uninstall:remove /info "S Publisher Soletude" "S HelpLink https://go.soletude.ca/stagsi" "S URLInfoAbout https://go.soletude.ca/stagsi/support" "S Contact [email protected]" "S SettingsIdentifier Soletude\Stagsi;Soletude\Sup\Stagsi"
1⤵
PID:1596

C:\Program Files (x86)\Stagsi\_update\post\Supper.exe
"C:\Program Files (x86)\Stagsi\_update\post\Supper" shortcut "C:\ProgramData\Microsoft\Windows\Start Menu\Stagsi.lnk" "C:\Program Files (x86)\Stagsi\Stagsi.exe" /desc "Stagsi - Soletude's Tagging System Interface"
1⤵
PID:1476

C:\Program Files (x86)\Stagsi\_update\post\Supper.exe
"C:\Program Files (x86)\Stagsi\_update\post\Supper" shortcut "C:\Users\Public\Desktop\Stagsi.lnk" "C:\Program Files (x86)\Stagsi\Stagsi.exe" /desc "Stagsi - Soletude's Tagging System Interface"
1⤵
PID:2240

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319"\ngen install "C:\Program Files (x86)\Stagsi\MetadataExtractor.dll"
1⤵
PID:2900
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 124 -InterruptEvent 0 -NGENProcess 114 -Pipe 120 -Comment "NGen Worker Process"
  2⤵
  PID:2652
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 1ac -InterruptEvent 0 -NGENProcess 1a0 -Pipe 1a8 -Comment "NGen Worker Process"
  2⤵
  PID:2860
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 18c -InterruptEvent 0 -NGENProcess 184 -Pipe 188 -Comment "NGen Worker Process"
  2⤵
  PID:2880

C:\Program Files (x86)\Stagsi\Sup.exe
Sup /pipe - "C:\Program Files (x86)\Stagsi\Stagsi.exe"
1⤵
PID:2756

C:\Program Files (x86)\Stagsi\_update\post\Supper.exe
"C:\Program Files (x86)\Stagsi\_update\post\Supper" genid Sup.json id=
1⤵
PID:240

C:\Program Files (x86)\Stagsi\Sup.exe
Sup /service:add /service:remove
1⤵
PID:1800

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo Sup /install /archive "C:\Users\Admin\AppData\Local\Temp\8526b8f067b859b6664b8b45f0d1dd17940515b5f7a6e85eef5013fe6c678afa.exe" /offset 520716,2829606 /fresh "
1⤵
PID:2768

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 124 -InterruptEvent 0 -NGENProcess 114 -Pipe 120 -Comment "NGen Worker Process"
1⤵
PID:2360

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 124 -InterruptEvent 0 -NGENProcess 114 -Pipe 120 -Comment "NGen Worker Process"
1⤵
PID:2200

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 124 -InterruptEvent 0 -NGENProcess 114 -Pipe 120 -Comment "NGen Worker Process"
1⤵
PID:2808

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 180 -InterruptEvent 0 -NGENProcess 12c -Pipe 124 -Comment "NGen Worker Process"
1⤵
PID:2028

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 124 -InterruptEvent 0 -NGENProcess 114 -Pipe 120 -Comment "NGen Worker Process"
1⤵
PID:2396

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 124 -InterruptEvent 0 -NGENProcess 114 -Pipe 120 -Comment "NGen Worker Process"
1⤵
PID:2340

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 124 -InterruptEvent 0 -NGENProcess 114 -Pipe 120 -Comment "NGen Worker Process"
1⤵
PID:588

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 124 -InterruptEvent 0 -NGENProcess 114 -Pipe 120 -Comment "NGen Worker Process"
1⤵
PID:1480

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 114 -InterruptEvent 0 -NGENProcess 198 -Pipe 12c -Comment "NGen Worker Process"
1⤵
PID:2860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Stagsi\MetadataExtractor.dll

Filesize
8KB

MD5
53283a66e1b0192444d57efa8d041ccf

SHA1
17b8e311904d56a6e00e3fa5dc7e66db2ced4f23

SHA256
6c656321ab36ee5eedbc411c1a4ce4e515599ebb4f501600de9c6c0678de614c

SHA512
283c1773333e6a7fd8161833f2a62000bd7bd1bdc36d46c5e817c32a449105e4d63ce2cf9361f27a37ae0ea628d469737513dc14914b4afc1747d3d72cc3494a

Download Submit
C:\Program Files (x86)\Stagsi\Soletude.Components.dll

Filesize
18KB

MD5
80501e5864ba4078744b8a8a6bb41fee

SHA1
04f756be13f8afa4ec053b7a63a72f91e938ba19

SHA256
2b8e280b3e49e4d7666b0d6a272225d28e947ca95ead4eeba097237ef42ec8b6

SHA512
fa51a4d9d78ff7032a89115d4c636c5de7cdbd4dab4d386d42d1113d88d49a552bd0bb2c0ab68a0c44d3dc06874098b9a0c811d2bc210e0ce68fe2015ca24231

Download Submit
C:\Program Files (x86)\Stagsi\Soletude.Stags.Library.dll

Filesize
2KB

MD5
2459a211bf7caee6a59985b2b74d09b9

SHA1
1fcc2e5bbed3d2568ce22255218187e14ea4b752

SHA256
274d6a3469ff817a0c4a4aab61b52ea895acee8494782a64f474e18186565253

SHA512
88a7ef3746e42671d351c251cd0b02998162c1a477105fc39de54878572961708783cdf0d1fbb7968e164318f6ff6e89c0e73ef3a3c13b8d8679292b9b63978e

Download Submit
C:\Program Files (x86)\Stagsi\Stagsi.exe

Filesize
43KB

MD5
cd3fbbc5f354bf7e9c1f1db917c4da94

SHA1
cef8ce564a1780c22c4d003a6bfe4f178bd6933b

SHA256
fb9e438e222159efbb05eaff7d2af478288f82ed372e9f1f3e4094ddb1a0ffcd

SHA512
84d8ab89fe1c9979efd41a29c2fb9edbb301be69df9c57f20aa472de56243282a06807a44d78bacba1e1bbd617ff52f5a61cc6d39d6be33e94862db68836b02d

Download Submit
C:\Program Files (x86)\Stagsi\Stagsi.exe

Filesize
30KB

MD5
2469c9fecb98ad367f05b99ec838837a

SHA1
1480087f1b921b9759e14bbf0f6f023414056ccc

SHA256
50fff0fcbe2af2e487eb85620c5decd46e75702f1a1a8fdfe91aa550739385a7

SHA512
e2f6cac6d70aae378a3277d24a89bbe51ddf575378c49994dbfa10d2a11d1655f097cf516eb7431ae4f8f68f4c35579b6d0c1197a9ad49db854629f838745e81

Download Submit
C:\Program Files (x86)\Stagsi\Sup.exe

Filesize
32KB

MD5
13ac6e9cffe8e725161d99a75d3d97e9

SHA1
242431a2451512049c82ff08a120a6b964c4e28d

SHA256
29b67f0ed07db3c690a4909ee5ee294ac12df7e31aeb030fe0703343a06ec682

SHA512
73b8b20273a87d42eccd7fc7c535a143d91dab2e55cd4124d8b083a25105c1b5c88e788a2bed28a52358b41654dc63b41869f54342299a86c8189fc324a9cac4

Download Submit
C:\Program Files (x86)\Stagsi\Sup.exe

Filesize
53KB

MD5
50b97271865b3b3d4ef7d6df45837c25

SHA1
83d924e67c2e3e43d9f4a632d07de9737cbea460

SHA256
8d81890079fff26a007151ca69dbe5aebb883100239907c07421ae538895f0ff

SHA512
30751dc8fe607b5f8c24afed1f5b86edac08bf4a948b424ca873be63ef1573774e7605a71e419f84ad6715d5cf98c0018c2428a77239d7b03b1a961b8bab19fe

Download Submit
C:\Program Files (x86)\Stagsi\Sup.exe

Filesize
1KB

MD5
8198ca05ada560b3f697efbab18033d5

SHA1
10a6edb3f0c1d84fe6bb11c3b94e48e453890503

SHA256
0e5c9a1114f309416cae232ca5e86c4ab464168fbc744f1566c899274e4369cc

SHA512
e799bc58f3181c8ac835425c8956c6688dbd0cf37a65dad5ca43b095ebe3db1af44534df6092fbddcfd46c817ea9caf0f7f67427c2bd43984a9d5d02058a4f30

Download Submit
C:\Program Files (x86)\Stagsi\Sup.exe

Filesize
20KB

MD5
ead1f2e234d213e069cea7b79b9695be

SHA1
3e2730b16f941e4db7473e6972c20063fe02db86

SHA256
b66b9fe5bafdc5cad954cfd2f3cbefcf9fac22287fd7c5ee894a5fccdca25d8e

SHA512
2cd9e3a62270ddcf478b267966e6fe89efab6f7301dc630b0c60b3a948a016d5c2831e808bfa689dd8ae100c4f6caf8dd06e4e64210e93dc5ee0822d28fdfff1

Download Submit
C:\Program Files (x86)\Stagsi\Sup.exe

Filesize
118KB

MD5
dba8c1d8fc0b9725225bed4d683cc46f

SHA1
576429831dc5be197f0f2ecbd1b3f3d38c1ebc60

SHA256
874b5fa006554326482f6d120cce7f2ca45252e20c8df70b627400cb5dcbe6c3

SHA512
fb4a48291e9365b484a925d16a2655938655679f642ce972ba6d8052edf76dfc7bcf5517399ee913114668a609519bb6a6acdc63cadda3f97f6be03e259f7db9

Download Submit
C:\Program Files (x86)\Stagsi\Sup.exe

Filesize
40KB

MD5
d8d909703fe2a7b76838b77ef61b935e

SHA1
03fcec9f8f6cc8e37ef4b8e427302c3e29f494e6

SHA256
4bd5de705988b27ae5bcea1cec11a9dd026c81b5fe46b088f1355bebbf5eb6cf

SHA512
8fe940f7176b47c5f0406180cc26e69678e5f1e9fe5e3928ec93a6743b189aeb4dfa6cd4d09fa9f498b251e2824dcf4fd9e3fbf9c790f9c3560ea8e04d3f34a6

Download Submit
C:\Program Files (x86)\Stagsi\Sup.exe

Filesize
45KB

MD5
c7b0bb8f189c83be704a7b2b03e9cf50

SHA1
7a6a0bea2aff6e6b24df5b85a7606eead864a085

SHA256
6ea9d9a98c487fba96df834ee60e14c3616d5c1b122080fd76726f6178e2658b

SHA512
1fb08bdbad8bc8c5f261ad77405d09463b0d03e05dbf2caf145e92005e0f185a5ebc34fda79c275fa00ef1e721f167163934b405a909c129cb190fe076bc6dc3

Download Submit
C:\Program Files (x86)\Stagsi\Sup.json

Filesize
1KB

MD5
f253d16945fabfde90ed6a33fe855af0

SHA1
533d349fe4d7986abd6fc9d7a2e0ffcf79d2d301

SHA256
6331712c233d895822bfaa10d318098413c5ab8c91dcaaf36e81bb0b7125f4f4

SHA512
348884588f68921db005ba54fc2bb95fd8651660e466e147b0b479bec2684593c1a48ff7a9d8d01a9e382cfb9ec48224e86009d0e0b556a76378454660299151

Download Submit
C:\Program Files (x86)\Stagsi\Sup.json

Filesize
1KB

MD5
e03d294bcf267f76de2c734046b7a761

SHA1
4bbb596c3ef6a3bb431c7a950b321d0c3909b934

SHA256
3556357c5fbded8908fbaa16b8b65c6321c136021eb58d23b931d1cd250e2b7f

SHA512
e878707df76e98c2480ff9f139eddeb0110f684dd9a7657a2555ebe4313727fe84fc9bb151a060b6b195d51e717866e623cceb8e9b66edd9cf6fd1a5758e2e59

Download Submit
C:\Program Files (x86)\Stagsi\XmpCore.dll

Filesize
63KB

MD5
4b710d561667ff52d15ee7684068b40d

SHA1
21032acaa78c91ddfbe07ad5048eb3f7d534a4bb

SHA256
2404376eafb1126a8b74181a39e421724507a78b5b3812733dbd878130684478

SHA512
69c81f566573c00a9671643b3813094ee06971c27feb79ee9ad497ea4c131cd0f9609ecf13ff5d6c0375b6a4c8e9c526349022e6867cfccaa29d4834ac954223

Download Submit
C:\Program Files (x86)\Stagsi\_update\post\Supper.exe

Filesize
13KB

MD5
110ec8f82bb8fa78403ede65f04a0aa9

SHA1
318c7987c41db08b37b954db87fbfea979a954bf

SHA256
e404ced22b8628a542ac1cf022f4d8f9c3413a2cad42bd2e22eb7d81e57a1258

SHA512
8eadd15967b85af9766484205b85a69a7388f0e62568fb0b9198def975c2793dda6ea20eb6fc0ecc1f546e30fa52c8a3ad5de647fd741139501b28f680607ab6

Download Submit
C:\Program Files (x86)\Stagsi\_update\post\Supper.exe

Filesize
146B

MD5
877f2f2499425bb3355c9bd5b3e8b59f

SHA1
8dd72eca925bd3d44c49bc4c7c76012c8f9bb508

SHA256
73f03aadb50fbf773e0cccad2905d8704d09b7c0b62e71b98c6b074ba44d7717

SHA512
5aebb1fc00e4aabb1dca2f0e9717ccaa388690c9c482e58cb1310c114f739ac1208c358c356ad3bda2ca9be4ab0dad6aefe6e7cea4623f901ca581bbe8624313

Download Submit
C:\Program Files (x86)\Stagsi\_update\post\deleted.txt

Filesize
136B

MD5
785acb48d19324bc557d23f02538b1e4

SHA1
475d8f2999c535ab085d037e14d78d063d406748

SHA256
34339389572d8cb2647016edbd4803b8e312fc9a8909629a6ba1e7b3d3de23bf

SHA512
4582906ff0031c2f6a20ce2360e725353842aa2a8626c3d31387263519aa3d0ba976a93683d3da104f985313fa8f01af538c577cf4b2489e5f761d3086674dc7

Download Submit
C:\Program Files (x86)\Stagsi\_update\post\extra.bat

Filesize
439B

MD5
1b2118a0527e287653f853c3c76fac39

SHA1
2eddc961b2f7c1bdf393914bbdbfb115e7dba503

SHA256
bfdd28c365918335b8263530cbfc68b1805ef6a69aab52bc78fd610ce74870df

SHA512
bae7a9a0c058b3302d30ba770879979e709a77dbda9cb62c222c26879d449c2241974618933379ee5459c6fda5dac747d41b88dac6d3af87810a95b5e7a2ece5

Download Submit
C:\Program Files (x86)\Stagsi\_update\post\run.bat

Filesize
3KB

MD5
fdafbe6c0c91c838febb1b5202d2b895

SHA1
fe25ff94bb98a20c568fda7aa875262fca6a0274

SHA256
4f28dfd1ed2c747ae7ee62e0671bcfa3bf9040587dc7ad6bb71091bd22e26e43

SHA512
f97a3e34646479adffb23a8e1e2997004c62ad1ed167ee5312d4f72ca273ea6a4ddcbe33b8c4868a59a02c7aaff040a7bf575e9e8a312b72a997b7f96a5ff171

Download Submit
C:\Program Files (x86)\Stagsi\_update\pre\extra.bat

Filesize
1KB

MD5
8d3f61e2cebc5e1b8fad6f24c8e74fe0

SHA1
192f5d05f8162fc22109088f22553b66827c0e26

SHA256
0f6e7504b1c0cf766b06f3a8a3018cabbb11216d6aaea2b4d56a6c687f33d062

SHA512
90607238d8394e8e320f20f18bcdb49f0ea88e60e4103d2594c3e76a88df2db670f9df489a53e50e67455354f46b472fcb8c74a23efe67ad27c3108f514da3ff

Download Submit
C:\Program Files (x86)\Stagsi\_update\pre\run.bat

Filesize
654B

MD5
03595f5e93d3acfe40506aad20227ab2

SHA1
24daeb2d3a8269a442314b8cc66b21e07186af1a

SHA256
a0e91d2789540d114c7f264793f391ebf09ab9285758d379ccb9d9d431908822

SHA512
487141470e8f58425b255a7769990cf174ab0d4d06cd551818de4ca3e88be9043002d77b1df910843e3d8dc3d8e9a6bdad06f0fc7ad3566352e5ccdf6d9702f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab698.tmp

Filesize
39KB

MD5
7a403ba7e0e19ee4b4aaa10487646978

SHA1
0baff247a0534154d91f4b8bce17995d3ae47a67

SHA256
b8cb8dbfe4a864adc1d887b4762583aa9d1bfcc5be8e7a67229a30b8438a9591

SHA512
3854eeb8fc47534b3c4e9fbab509b0b3b9f4a52af357d46f847590e7ae3e29c346e7c0ac283e76dcaf16d26eceb30681b9cfe7c6a0bfce061f4f8ff83637bb35

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8BD.tmp

Filesize
67KB

MD5
b01d5f379df4bf04aa87a653b44e824e

SHA1
dba6f0f3edb8cac56ee36a271e6c8e59633c52c5

SHA256
94ae9f6c1edbef92e887c6476de1ab77e54b209f75ab90d15b1f42b158ccece4

SHA512
3c01c2d6e9beb0e804ca2d81f444639566234f8c1d76cbeb8f84fc7100fb5d0c155aead985bdf5e9413de7cb05cb89309691fa99d7425e019dc6d252a7d78980

Download Submit
C:\Users\Admin\AppData\Roaming\Soletude\Sup\Stagsi\Log.log

Filesize
5KB

MD5
ddea908e9b4060d287408c45dbab8e7c

SHA1
3f794ba6c4b3645f06eb40a73eb3e9e3d2ea5f11

SHA256
bea29090893824604987bfd187d2322ec8871fb5472dcdbfc7240a133568f0fc

SHA512
c3156b58929d4b894e796c6cd420cdbb52467b671f0ce61816ae585cba5eea962e0cda5b5323e9a237931f3d513b598d54d3c1c303ed641150d9b444bc09f406

Download Submit
C:\Users\Admin\AppData\Roaming\Soletude\Sup\Stagsi\Log.log

Filesize
5KB

MD5
8b7a10e00f9038c86b1d6bb4dde80a65

SHA1
6a86f2ef849c71a4a7779f37f86621104a1a1ec6

SHA256
81abe7eafa05ef97ee5ed5ffa1e41a238df22053b291a98666e3dfab3091249c

SHA512
d3140b19b57a5e2c158c5078002de230d3d90720cf7f750b3894df1889afd7f2a33213ebac706ec253e0bb322735599e1a92d40d063049aee4539bb10c8561ae

Download Submit
C:\Users\Admin\AppData\Roaming\Soletude\Sup\Stagsi\Log.log

Filesize
7KB

MD5
43771a668bfa0c440d24d758612587c7

SHA1
bc110a1af420802aeb4cf543df06e8cfefd1e761

SHA256
18729b1f86d9f3e56ea7d334fe97b35dc610526d0ff6cfdbc3fd4f1fd9223dd2

SHA512
be81f276752b271a040bd79c7a56a565a69a88c0eb3031f660332b446b0004ee0ccd7331fe8a3c9c0b9facc16aa8a3f618393c8342aa1cd04e51eeae1a828e4e

Download Submit
C:\Users\Admin\AppData\Roaming\Soletude\Sup\Stagsi\Log.log

Filesize
9KB

MD5
01fceafdb38b2ff14dbac15afbe7f6e6

SHA1
b78dd1853548c5c5877bf4dc59b840553dc95ec1

SHA256
b1e8f2f15739bea17291437f0f15d0a13207620d267f55b7e7d4ef644a2b61b2

SHA512
5507b2db79a42b8b28c6a04580c981cd10bb5b8f04ebc0371775e39828104e3b5c45666d32168ff64bb31b782c8119842c04f949f6bac3923e87283434ad0765

Download Submit
C:\Users\Admin\AppData\Roaming\Soletude\Sup\Stagsi\Log.log

Filesize
13KB

MD5
d69ebdf7f214a452c63a777f881a0a1f

SHA1
59ad8c5dde4daf14220435afdbddb129b2e80f98

SHA256
7f6aec5a9c1df26a5cc09df7025240a770c583b1e41a77fcd6dcf1696b17ab09

SHA512
34fa0603ab551e7fa3763399c3d640de95d889bf60aae5165010af496b1d66d018d6d8d3b3d4ffe27ee67db46ba8468b62627e004a67353519969524a27e0a39

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log

Filesize
83KB

MD5
7320ef3999bb2e1ececd3b3cb24d0d50

SHA1
7c9a73dde14a6cfd5984a7c2c311850831db7055

SHA256
9f3b2d602af144b81f40b85c5499370875444dd404f35e9942c5e5dfcfacee78

SHA512
7fea17934abbe1b6082f5ab0ce5de42067ce5fb923e218aef9615a2460c3f4d56a4ce0f8e071984cb6e36d51dc66946b07425cf075d90f592d657633d85f5e17

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\XmpCore\4373ad6d11ded7d02d52351a9ada761e\XmpCore.ni.dll

Filesize
18KB

MD5
f4ab0f2244b3386f6f8ae9a3597bbbee

SHA1
7dfd6f5d6ba09b4d9c6044551bf0b0ff0db909f5

SHA256
5ec1ce038b74d788b58b258b3bdae82ac0d9dcb5194332e3fe79e25994bc5013

SHA512
a9bfb46582b551a73a2878b743a78796b5ae34f859037ae15c9854a14664817449d97e847190903be047d99100f96bd2cdeb61199040a52a27728ec65b37dd6b

Download Submit
\Program Files (x86)\Stagsi\MetadataExtractor.dll

Filesize
8KB

MD5
d5ae85e410a09e212cdff629c7f2f077

SHA1
0bcbdbcc675972e5045c9a1c063b08c2fa1da77e

SHA256
e4aa000263b26db7d2b3b81e1c71d908cd42a0c03c27aefee8e06b4e93a2bb27

SHA512
a225ef6b2d5e614e23291fb8847fe5d493f22b6d7b6310b690ea3a85728cfb70867f0ea93c0d1e4a3e8a1ee5a0ff52a6e83a0dc430146683ed2217e029d1042b

Download Submit
\Program Files (x86)\Stagsi\MetadataExtractor.dll

Filesize
23KB

MD5
e89b001db6969aaa6a3f125bd037176a

SHA1
f93ae27f160a811e79df42c6e24ffc731c568b75

SHA256
9dcf477c7f8d41fae7d88340e3ac8a567e4cfc31c9f8e2fb8f1cfe189b5757fe

SHA512
5f5f752200646977c6dbfc4951c10db6754741519fbab262fbc231fe612da42b9c83f1c79576c660ab1224046084fb1eca0987d5d3bb5444ec3ec504f0aa784d

Download Submit
\Program Files (x86)\Stagsi\Soletude.Components.dll

Filesize
23KB

MD5
7afee921b2a1e3c3ee094f85bb4eb3d3

SHA1
0b81264c82cfb4687845323f1c51966d41428768

SHA256
a67c8c86b37e12dfc811e9eef72c5184f8bf1af6b4e2dccc6c0f7b10c273cc9e

SHA512
72a35f40354683f0382a3deb83ce30385d22a238565b66398cf8ca601d62b245ecf0fb7807849d3022edb49947bf65966ee5d9ad43a5eb276288b31e174044c7

Download Submit
\Program Files (x86)\Stagsi\Soletude.Components.dll

Filesize
1KB

MD5
21a2508de5b7b4d88f2fa35940344a66

SHA1
c9325ad58a6cfff871206baa163d2ebd6d000c34

SHA256
7766decbf1236bfd6535d55187ad198af7f01049b35f63d430a88334692b4dd2

SHA512
41346dce483c7ab669b712d57ff34959656de7a9ea516e88354156a647a63c2f7e7b76a8d960a687052269e096507cb342931d8dfdfbd2c7c6ad92c585c12d95

Download Submit
\Program Files (x86)\Stagsi\Soletude.Stags.Library.dll

Filesize
10KB

MD5
3a90be629f50967a50da4397b6e4ed24

SHA1
ff6a8837b3d4b6771fbc616d6afc88480cff97e7

SHA256
462b50ec707d6c393e21b7f0c346db0f565a35e57896431a76c58f87c73aa66d

SHA512
fff883c407c5e69d2b3e9d6efb423bcd740c616d7786068401b5d639bf6f597299f9f2c8adeb22f57bb8a112c91bc47a2a58aef9cdc800cfdfe74844bc3f4795

Download Submit
\Program Files (x86)\Stagsi\Soletude.Stags.Library.dll

Filesize
58KB

MD5
1c383de202490d2d534ca0c3b7527e25

SHA1
9d699d212c8ae8d5d519f0d7c4f6529a9aa33447

SHA256
f5fc0463478360938b6b3aa520284aac85294718849a90ba928166daf05a9036

SHA512
29630ea488f61f752e26e030428cb06ae9b89bb94ea65f16bebc4f79b338675b0cb4d81623bf82031c0096cc5fa386353986b5ae93e23d3866a73e979de0637b

Download Submit
\Program Files (x86)\Stagsi\Soletude.Stagsi.Plugins.dll

Filesize
23KB

MD5
b17523e5e68b290b7698f9ca289644b5

SHA1
2e953eba9d59849111cc09b9d202b2105efbe314

SHA256
1ad03a36936333c68c036c71b73931d0652c581f1c19b97aafdeca686d014204

SHA512
f8d64379a150ec15cb7b947dd5e3982fd6ea08ff3fd9863e4e389aa14132512b14d5bed213a9bfd04d8bfca0197b02258ccaef5e0cc6415b4fa4655f411a56e9

Download Submit
\Program Files (x86)\Stagsi\Stagsi.exe

Filesize
45KB

MD5
9fa860ca5f9f1267375c5be740086165

SHA1
65d8a7828f575d923f379202af6b08bb2470af02

SHA256
4b94f4953df81ebf8b1fabbd759d2fe927e609e4b4fd797bafbadbdc9d26c31c

SHA512
ecb3957192f4bc79d449d93dc12b1bd47935ec7f7537a85cac36f2eb90ff5ab8710de0abc560e32e674bcfcff0077b576ffe9cddcc8a424fbd842df8cfb6d873

Download Submit
\Program Files (x86)\Stagsi\Stagsi.exe

Filesize
33KB

MD5
a0209e19aa0657a5d2e88a67ec5f2cb0

SHA1
2fd9adc117432b72b63d90bd49007ba896dbd86c

SHA256
0840d2ad23e278bdf1f5b52e03d386e9e5c731ebd0d365b9084a2714ade508c3

SHA512
be1d11d3b13454bb999deba27ab723cb99ac516f8b11fbfe45cbefe71648599100b0c0cb12f1ad90995cba1689a02a848316cff11b972ec3698537b2b3e2b6a6

Download Submit
\Program Files (x86)\Stagsi\Stagsi.exe

Filesize
145KB

MD5
78aa0fcabb0323207edc6e81445741db

SHA1
e8a55b2ec52ffa3afcc8754532b4eedb7dfd1d98

SHA256
466a4051f81604c0767cbc2a80c04070d80d5276fef85891756492175ae519ba

SHA512
77062d72734497d65add55541b10267455ea0f6e474b3134d9bb5196d898ce99d514f1cdf3c2fa37af7f575890dd7e39dcc00402b1b89d806f89903c70d5ded1

Download Submit
\Program Files (x86)\Stagsi\Stagsi.exe

Filesize
16KB

MD5
1c5d3eab51cf3fc5fc77bf30de235240

SHA1
65840cc4272ed51ead2f59dbe54cad06b7674cba

SHA256
81ddcbfae69160d40e94ca7fef3cc35ce38f0bc728705ac8b304e3771edb69ae

SHA512
d925e8dfbac8b6a09406c445d2771218f4f48514870beec8e1ee656dbe4d0ac54910329bb18688c8544914d7bac3e1f613d8d9ee90fd5b4ba73d132308010bca

Download Submit
\Program Files (x86)\Stagsi\Sup.exe

Filesize
1KB

MD5
3126ee2ab12988693576dd30a177dbd5

SHA1
9b621918e83e1917817ca6805fa610196dedd334

SHA256
8e8c708242eaea7ab597c84da8be2152c5bb178651a68b26fb4abeb1b6ede7a2

SHA512
8f3e2851938a7d5c11f402f9d81cc22f0d7e2fbe43802a5116bb28cb2860c0d285f6a0d3496f1314a1006185137a0d86e8bc72da5f87bd3fd89d9e6624b80414

Download Submit
\Program Files (x86)\Stagsi\Sup.exe

Filesize
42KB

MD5
20bfb8b7ac1f84c1e8c27d82dae255f3

SHA1
4472ca9a60c9f60284455eec3eecd7a07dbd98ad

SHA256
3148658925420d96126ff8b0be44586cef5e51f30bb27fcc73a5877ea9671ee8

SHA512
d5910bec5163a3129c46e4252a40f87e2aaab701fd070845858d242aec92f628a0a99e61cfb9398f4f0775a513a662ea551b19b498e5460f0043357ea5f02141

Download Submit
\Program Files (x86)\Stagsi\Sup.exe

Filesize
41KB

MD5
ccb14f425542d8546dc9c3e064937163

SHA1
006826fd150b6d814ae88772dfe1c77979b6f8f5

SHA256
1f4b9b7b83577703c6f9ce0c9d5888afced3e26d7c14723b5600d0defaf70262

SHA512
5f4c8cbfde30fcffe1cb20a3a6a37b27cda07fb54d0ad897ebdca71b3bc289ce90794eb209250e9ba8dbd896221209e616be1d9eae296d98524976acffea337e

Download Submit
\Program Files (x86)\Stagsi\Sup.exe

Filesize
6KB

MD5
f3901979335993a9d27733ff1b6263dd

SHA1
2517882bb0b4d44186245d4db229148f5c5b0de7

SHA256
a6e3d55ff6e139eb69ff3ad03b651b00a2e4e4700295c916c77bd2ddcd343e63

SHA512
84911724a11f7049d90fe6b5a8ce3b4b1c3a6d22576d8a42919a67e25a492fc019ece80f070e67b348a37f72e1ec6267baef64ed8e679e555e5029ca674ecb3a

Download Submit
\Program Files (x86)\Stagsi\Sup.exe

Filesize
160KB

MD5
21a0729f71b3e1570effb2f587e6238a

SHA1
86369ee2ba930b700b7625fc9874a19169657ed9

SHA256
f939781f6faf69f561f3cd341f8489b3c758b813f43a1faca34c1b5af0f4ebe1

SHA512
618ee37960d98ea359d8cd36a17ea870726710666261e8404c34e9febc217528280c636c4e65387192f7fd89fed426aad69c6b167008f6ed7275a2daec7906d2

Download Submit
\Program Files (x86)\Stagsi\Sup.exe

Filesize
337KB

MD5
934ab28cadc40809829661ae4cda0fb8

SHA1
ee3fbb49327c331f3dfa44c53662e9750d899887

SHA256
dd2bae7c263a95b7a62bff1b7348d4d6d383a0fe87365d47c3aafe23789f90d7

SHA512
2a1b916cccf3aad5cb6d213efcb0dd5e510f499f71403d81feaa708561dd08e21879421bdd28de0c4e5da67fb5e7e4f5385f02c4d3fac98605961b98e81c8d27

Download Submit
\Program Files (x86)\Stagsi\XmpCore.dll

Filesize
45KB

MD5
75d2895eeccc0c28a2120bc8e9109b30

SHA1
815cf093b5b73e805d4bd8eaa74b2a5e75d93048

SHA256
cdf9dfecf7fc0b696c2bd3ef7c64ce1dee0e38bfada83573f43686576efd2599

SHA512
452b185fa848f444c09422c96e34d6b7e6959d7bbe8116ccc54ebd1a02baab2ca7f67993e5761ced23f5f3433b39747ccc7211668c5c2252364aa4201ae1a994

Download Submit
\Program Files (x86)\Stagsi\XmpCore.dll

Filesize
78KB

MD5
f6816d03e79816ce1dffa99b89a751c8

SHA1
c8c0423cfb2501b03838b3cfb69ff160795593da

SHA256
64a94656b46aa598d82a9b7a157906adc7e037d4ccbd9898f2df1d60237bffbb

SHA512
bc8197a463e4bcdd4fd0ff03f26bb1bb98eb7558575c20d5d79759e47a7e4f5d2e536a02d9fa1fe55cae75ab71714a16dc2c8f063b1dc412c1934b0eaed797e6

Download Submit
\Program Files (x86)\Stagsi\_update\post\Supper.exe

Filesize
32KB

MD5
b217ce82f04f788eef535c290b7d807a

SHA1
6380268506ea057c4259dc22fbe700bf0dde89d9

SHA256
3b39975eb5e75eeefea46333ee2bc8096cf55b5d274d7f24c47ef7d9cbf6efd5

SHA512
bd76596a4abd9cb9b41a883d88a53c41ce0ee65a573e2fd386bd204e6d21c254179200a45da141ac29944fcc774ae866168c945b368ae17f6551f46a132f8ee6

Download Submit
\Program Files (x86)\Stagsi\en\Soletude.Stags.Library.resources.dll

Filesize
19KB

MD5
f561161353e0d41742ea972c13adf202

SHA1
bceb686c416020ce8372aa5f4988302ac66ff43e

SHA256
24db7cb7433783f0e1f9e80f00ed88309c1e17e992853ccaf2de4cdb2e8625cc

SHA512
e0e3d88ebb8dce006b8f20ca5e6710e5eb27648a69959680d75d31f4f4bdedd594c845606ab53ed18cad618d7ced6ad3bd429d370c3d13187fd0956cba9dc271

Download Submit
memory/984-162-0x0000000074780000-0x0000000074E6E000-memory.dmp

Filesize
6.9MB

Download
memory/984-214-0x0000000074780000-0x0000000074E6E000-memory.dmp

Filesize
6.9MB

Download
memory/984-163-0x0000000000F40000-0x0000000000F80000-memory.dmp

Filesize
256KB

Download
memory/984-165-0x0000000000F40000-0x0000000000F80000-memory.dmp

Filesize
256KB

Download
memory/984-240-0x0000000000F40000-0x0000000000F80000-memory.dmp

Filesize
256KB

Download
memory/1036-450-0x000000005E620000-0x000000005E86D000-memory.dmp

Filesize
2.3MB

Download
memory/1040-402-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1168-444-0x0000000031000000-0x00000000312AF000-memory.dmp

Filesize
2.7MB

Download
memory/1596-131-0x0000000004A80000-0x0000000004AC0000-memory.dmp

Filesize
256KB

Download
memory/1596-135-0x0000000004A80000-0x0000000004AC0000-memory.dmp

Filesize
256KB

Download
memory/1596-128-0x0000000074780000-0x0000000074E6E000-memory.dmp

Filesize
6.9MB

Download
memory/1596-137-0x0000000000420000-0x000000000042A000-memory.dmp

Filesize
40KB

Download
memory/1596-139-0x0000000074780000-0x0000000074E6E000-memory.dmp

Filesize
6.9MB

Download
memory/1724-426-0x0000000010000000-0x0000000010138000-memory.dmp

Filesize
1.2MB

Download
memory/1800-98-0x0000000074780000-0x0000000074E6E000-memory.dmp

Filesize
6.9MB

Download
memory/1800-105-0x0000000000360000-0x000000000036A000-memory.dmp

Filesize
40KB

Download
memory/1800-111-0x0000000074780000-0x0000000074E6E000-memory.dmp

Filesize
6.9MB

Download
memory/1800-97-0x0000000000A40000-0x0000000000ADC000-memory.dmp

Filesize
624KB

Download
memory/1800-100-0x00000000007B0000-0x00000000007F0000-memory.dmp

Filesize
256KB

Download
memory/1800-101-0x00000000007B0000-0x00000000007F0000-memory.dmp

Filesize
256KB

Download
memory/2156-284-0x00000000013B0000-0x00000000013B8000-memory.dmp

Filesize
32KB

Download
memory/2156-229-0x00000000013D0000-0x0000000001496000-memory.dmp

Filesize
792KB

Download
memory/2156-286-0x0000000004960000-0x0000000004985000-memory.dmp

Filesize
148KB

Download
memory/2156-241-0x0000000004D30000-0x0000000004D70000-memory.dmp

Filesize
256KB

Download
memory/2156-289-0x0000000004B50000-0x0000000004B58000-memory.dmp

Filesize
32KB

Download
memory/2156-279-0x0000000004FC0000-0x000000000501C000-memory.dmp

Filesize
368KB

Download
memory/2156-239-0x00000000004E0000-0x00000000004E8000-memory.dmp

Filesize
32KB

Download
memory/2156-253-0x00000000005C0000-0x00000000005E0000-memory.dmp

Filesize
128KB

Download
memory/2156-265-0x0000000000D20000-0x0000000000D36000-memory.dmp

Filesize
88KB

Download
memory/2156-249-0x00000000005A0000-0x00000000005A8000-memory.dmp

Filesize
32KB

Download
memory/2156-291-0x0000000004B60000-0x0000000004B68000-memory.dmp

Filesize
32KB

Download
memory/2156-234-0x00000000012E0000-0x00000000013A2000-memory.dmp

Filesize
776KB

Download
memory/2156-235-0x0000000074780000-0x0000000074E6E000-memory.dmp

Filesize
6.9MB

Download
memory/2532-149-0x0000000001230000-0x0000000001270000-memory.dmp

Filesize
256KB

Download
memory/2532-148-0x0000000074780000-0x0000000074E6E000-memory.dmp

Filesize
6.9MB

Download
memory/2532-196-0x0000000074780000-0x0000000074E6E000-memory.dmp

Filesize
6.9MB

Download
memory/2532-147-0x0000000001270000-0x000000000130C000-memory.dmp

Filesize
624KB

Download
memory/2532-172-0x000000007EF40000-0x000000007EF50000-memory.dmp

Filesize
64KB

Download
memory/2532-150-0x0000000001230000-0x0000000001270000-memory.dmp

Filesize
256KB

Download
memory/2532-197-0x0000000001230000-0x0000000001270000-memory.dmp

Filesize
256KB

Download
memory/2532-151-0x0000000000420000-0x000000000042A000-memory.dmp

Filesize
40KB

Download
memory/2652-230-0x0000000074780000-0x0000000074E6E000-memory.dmp

Filesize
6.9MB

Download
memory/2652-245-0x0000000000540000-0x0000000000566000-memory.dmp

Filesize
152KB

Download
memory/2652-255-0x0000000074780000-0x0000000074E6E000-memory.dmp

Filesize
6.9MB

Download
memory/2652-228-0x0000000000480000-0x00000000004F4000-memory.dmp

Filesize
464KB

Download
memory/2672-328-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download
memory/2692-377-0x0000000010000000-0x000000001004B000-memory.dmp

Filesize
300KB

Download
memory/2756-215-0x000000007EF40000-0x000000007EF50000-memory.dmp

Filesize
64KB

Download
memory/2756-209-0x00000000005F0000-0x00000000005FA000-memory.dmp

Filesize
40KB

Download
memory/2756-260-0x0000000004B70000-0x0000000004BB0000-memory.dmp

Filesize
256KB

Download
memory/2756-204-0x0000000004B70000-0x0000000004BB0000-memory.dmp

Filesize
256KB

Download
memory/2756-202-0x0000000074780000-0x0000000074E6E000-memory.dmp

Filesize
6.9MB

Download
memory/2756-254-0x0000000074780000-0x0000000074E6E000-memory.dmp

Filesize
6.9MB

Download
memory/2860-287-0x0000000010000000-0x000000001014C000-memory.dmp

Filesize
1.3MB

Download
memory/2860-259-0x0000000002A40000-0x0000000002AB4000-memory.dmp

Filesize
464KB

Download
memory/2860-262-0x0000000074780000-0x0000000074E6E000-memory.dmp

Filesize
6.9MB

Download
memory/2880-282-0x0000000074780000-0x0000000074E6E000-memory.dmp

Filesize
6.9MB

Download
memory/2880-261-0x0000000074780000-0x0000000074E6E000-memory.dmp

Filesize
6.9MB

Download
memory/2880-266-0x0000000010000000-0x0000000010067000-memory.dmp

Filesize
412KB

Download
memory/2880-258-0x0000000000580000-0x00000000005A6000-memory.dmp

Filesize
152KB

Download
memory/2888-35-0x0000000000570000-0x000000000057C000-memory.dmp

Filesize
48KB

Download
memory/2888-130-0x0000000074780000-0x0000000074E6E000-memory.dmp

Filesize
6.9MB

Download
memory/2888-20-0x0000000000470000-0x0000000000478000-memory.dmp

Filesize
32KB

Download
memory/2888-37-0x0000000000620000-0x0000000000640000-memory.dmp

Filesize
128KB

Download
memory/2888-132-0x0000000004D50000-0x0000000004D90000-memory.dmp

Filesize
256KB

Download
memory/2888-8-0x0000000000410000-0x000000000041A000-memory.dmp

Filesize
40KB

Download
memory/2888-21-0x0000000000600000-0x000000000061C000-memory.dmp

Filesize
112KB

Download
memory/2888-7-0x0000000004D50000-0x0000000004D90000-memory.dmp

Filesize
256KB

Download
memory/2888-5-0x00000000001E0000-0x0000000000200000-memory.dmp

Filesize
128KB

Download
memory/2888-4-0x0000000004D50000-0x0000000004D90000-memory.dmp

Filesize
256KB

Download
memory/2888-3-0x0000000074780000-0x0000000074E6E000-memory.dmp

Filesize
6.9MB

Download
memory/2888-2-0x0000000001040000-0x00000000010DC000-memory.dmp

Filesize
624KB

Download