e1588cefba6c334f7798bdf85b9fde06b3141fa35c5c4c5a151bae4860418154

Analysis

max time kernel
640s
max time network
768s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02/01/2024, 02:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

BetaManager_Installer.exe
Size

15.9MB
MD5

31c92c945871fb7413861e7ad803ffbb
SHA1

f62652c95a584f1a2d48dcc30f4077f9685a7b36
SHA256

e1588cefba6c334f7798bdf85b9fde06b3141fa35c5c4c5a151bae4860418154
SHA512

fc59b2043dac318c3a369683d90015b6576fb9984acb4183ca57f9e3bd19b5ce4dd4c7e247311efc436bff824f6df9180d30596dcebc2c3302cb546bab37f3eb
SSDEEP

393216:F/VfTKB25QMWjKvFQJyZxhqrVMvhFtOJaNwq84e3km6Nsk:xI0WjKNQgxywSANwisAsk

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Control Panel\International\Geo\Nation	BetaManager_Installer.exe

Executes dropped EXE 2 IoCs

pid	Process
4904	BetaManager.exe
440	BetaManager.exe

Loads dropped DLL 26 IoCs

pid	Process
2140	MsiExec.exe
2140	MsiExec.exe
2140	MsiExec.exe
2140	MsiExec.exe
2140	MsiExec.exe
2140	MsiExec.exe
2140	MsiExec.exe
2140	MsiExec.exe
2140	MsiExec.exe
2140	MsiExec.exe
2140	MsiExec.exe
2140	MsiExec.exe
2140	MsiExec.exe
2140	MsiExec.exe
2140	MsiExec.exe
2140	MsiExec.exe
3808	MsiExec.exe
3808	MsiExec.exe
3808	MsiExec.exe
3808	MsiExec.exe
3808	MsiExec.exe
3808	MsiExec.exe
3808	MsiExec.exe
3808	MsiExec.exe
2808	MsiExec.exe
2140	MsiExec.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	BetaManager_Installer.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	BetaManager_Installer.exe
File opened (read-only)	\??\P:	BetaManager_Installer.exe
File opened (read-only)	\??\A:	BetaManager_Installer.exe
File opened (read-only)	\??\T:	BetaManager_Installer.exe
File opened (read-only)	\??\Y:	BetaManager_Installer.exe
File opened (read-only)	\??\M:	BetaManager_Installer.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\N:	BetaManager_Installer.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\M:	BetaManager_Installer.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	BetaManager_Installer.exe
File opened (read-only)	\??\L:	BetaManager_Installer.exe
File opened (read-only)	\??\R:	BetaManager_Installer.exe
File opened (read-only)	\??\U:	BetaManager_Installer.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	BetaManager_Installer.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	BetaManager_Installer.exe
File opened (read-only)	\??\Z:	BetaManager_Installer.exe
File opened (read-only)	\??\P:	BetaManager_Installer.exe
File opened (read-only)	\??\Q:	BetaManager_Installer.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\Q:	BetaManager_Installer.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\E:	BetaManager_Installer.exe
File opened (read-only)	\??\H:	BetaManager_Installer.exe
File opened (read-only)	\??\V:	BetaManager_Installer.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\O:	BetaManager_Installer.exe
File opened (read-only)	\??\B:	BetaManager_Installer.exe
File opened (read-only)	\??\L:	BetaManager_Installer.exe
File opened (read-only)	\??\V:	BetaManager_Installer.exe
File opened (read-only)	\??\X:	BetaManager_Installer.exe
File opened (read-only)	\??\I:	BetaManager_Installer.exe
File opened (read-only)	\??\W:	BetaManager_Installer.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	BetaManager_Installer.exe
File opened (read-only)	\??\X:	BetaManager_Installer.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\H:	BetaManager_Installer.exe
File opened (read-only)	\??\K:	BetaManager_Installer.exe
File opened (read-only)	\??\N:	BetaManager_Installer.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\B:	BetaManager_Installer.exe
File opened (read-only)	\??\J:	BetaManager_Installer.exe
File opened (read-only)	\??\W:	BetaManager_Installer.exe
File opened (read-only)	\??\E:	BetaManager_Installer.exe
File opened (read-only)	\??\G:	BetaManager_Installer.exe
File opened (read-only)	\??\R:	BetaManager_Installer.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\K:	BetaManager_Installer.exe
File opened (read-only)	\??\S:	BetaManager_Installer.exe
File opened (read-only)	\??\U:	BetaManager_Installer.exe
File opened (read-only)	\??\J:	BetaManager_Installer.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\BetaManager\BetaManager.exe	msiexec.exe
File created	C:\Program Files (x86)\BetaManager\BetaManager Updater.exe	msiexec.exe

Drops file in Windows directory 19 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSIF888.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFABC.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFCD1.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF586.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF6B1.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{25F5F923-5553-4A42-A894-97DB65BA31C8}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFC72.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFD20.tmp	msiexec.exe
File created	C:\Windows\Installer\{25F5F923-5553-4A42-A894-97DB65BA31C8}\BetaManager.exe	msiexec.exe
File created	C:\Windows\Installer\e58f4cd.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e58f4cb.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF5F5.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF74F.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\{25F5F923-5553-4A42-A894-97DB65BA31C8}\BetaManager.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1F.tmp	msiexec.exe
File created	C:\Windows\Installer\e58f4cb.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Control Panel\Colors	BetaManager_Installer.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23	msiexec.exe

Modifies registry class 24 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\329F5F52355524A48A4979BD56AB138C\PackageCode = "ADA5E934F265C3A4DB3916C2EECE0989"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\329F5F52355524A48A4979BD56AB138C\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\329F5F52355524A48A4979BD56AB138C\ProductIcon = "C:\\Windows\\Installer\\{25F5F923-5553-4A42-A894-97DB65BA31C8}\\BetaManager.exe"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\329F5F52355524A48A4979BD56AB138C\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\329F5F52355524A48A4979BD56AB138C\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\329F5F52355524A48A4979BD56AB138C\SourceList\PackageName = "BetaManager.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\329F5F52355524A48A4979BD56AB138C\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Roaming\\BETA, Inc\\BetaManager 1.0.3.0\\install\\5BA31C8\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\329F5F52355524A48A4979BD56AB138C\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Roaming\\BETA, Inc\\BetaManager 1.0.3.0\\install\\5BA31C8\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\329F5F52355524A48A4979BD56AB138C	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\329F5F52355524A48A4979BD56AB138C\ProductName = "BetaManager"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\329F5F52355524A48A4979BD56AB138C\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\01A8578C22C54F3499342578F9320401	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\329F5F52355524A48A4979BD56AB138C\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\01A8578C22C54F3499342578F9320401\329F5F52355524A48A4979BD56AB138C	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\329F5F52355524A48A4979BD56AB138C\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\329F5F52355524A48A4979BD56AB138C\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\329F5F52355524A48A4979BD56AB138C\SourceList\Media\DiskPrompt = "[1]"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\329F5F52355524A48A4979BD56AB138C\MainFeature	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\329F5F52355524A48A4979BD56AB138C	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\329F5F52355524A48A4979BD56AB138C\Version = "16777219"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\329F5F52355524A48A4979BD56AB138C\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\329F5F52355524A48A4979BD56AB138C\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\329F5F52355524A48A4979BD56AB138C\SourceList\Media\1 = ";"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\329F5F52355524A48A4979BD56AB138C\Clients = 3a0000000000	msiexec.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1788	msiexec.exe
1788	msiexec.exe
4904	BetaManager.exe
4904	BetaManager.exe
440	BetaManager.exe
440	BetaManager.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1788	msiexec.exe
Token: SeCreateTokenPrivilege	2656	BetaManager_Installer.exe
Token: SeAssignPrimaryTokenPrivilege	2656	BetaManager_Installer.exe
Token: SeLockMemoryPrivilege	2656	BetaManager_Installer.exe
Token: SeIncreaseQuotaPrivilege	2656	BetaManager_Installer.exe
Token: SeMachineAccountPrivilege	2656	BetaManager_Installer.exe
Token: SeTcbPrivilege	2656	BetaManager_Installer.exe
Token: SeSecurityPrivilege	2656	BetaManager_Installer.exe
Token: SeTakeOwnershipPrivilege	2656	BetaManager_Installer.exe
Token: SeLoadDriverPrivilege	2656	BetaManager_Installer.exe
Token: SeSystemProfilePrivilege	2656	BetaManager_Installer.exe
Token: SeSystemtimePrivilege	2656	BetaManager_Installer.exe
Token: SeProfSingleProcessPrivilege	2656	BetaManager_Installer.exe
Token: SeIncBasePriorityPrivilege	2656	BetaManager_Installer.exe
Token: SeCreatePagefilePrivilege	2656	BetaManager_Installer.exe
Token: SeCreatePermanentPrivilege	2656	BetaManager_Installer.exe
Token: SeBackupPrivilege	2656	BetaManager_Installer.exe
Token: SeRestorePrivilege	2656	BetaManager_Installer.exe
Token: SeShutdownPrivilege	2656	BetaManager_Installer.exe
Token: SeDebugPrivilege	2656	BetaManager_Installer.exe
Token: SeAuditPrivilege	2656	BetaManager_Installer.exe
Token: SeSystemEnvironmentPrivilege	2656	BetaManager_Installer.exe
Token: SeChangeNotifyPrivilege	2656	BetaManager_Installer.exe
Token: SeRemoteShutdownPrivilege	2656	BetaManager_Installer.exe
Token: SeUndockPrivilege	2656	BetaManager_Installer.exe
Token: SeSyncAgentPrivilege	2656	BetaManager_Installer.exe
Token: SeEnableDelegationPrivilege	2656	BetaManager_Installer.exe
Token: SeManageVolumePrivilege	2656	BetaManager_Installer.exe
Token: SeImpersonatePrivilege	2656	BetaManager_Installer.exe
Token: SeCreateGlobalPrivilege	2656	BetaManager_Installer.exe
Token: SeCreateTokenPrivilege	2656	BetaManager_Installer.exe
Token: SeAssignPrimaryTokenPrivilege	2656	BetaManager_Installer.exe
Token: SeLockMemoryPrivilege	2656	BetaManager_Installer.exe
Token: SeIncreaseQuotaPrivilege	2656	BetaManager_Installer.exe
Token: SeMachineAccountPrivilege	2656	BetaManager_Installer.exe
Token: SeTcbPrivilege	2656	BetaManager_Installer.exe
Token: SeSecurityPrivilege	2656	BetaManager_Installer.exe
Token: SeTakeOwnershipPrivilege	2656	BetaManager_Installer.exe
Token: SeLoadDriverPrivilege	2656	BetaManager_Installer.exe
Token: SeSystemProfilePrivilege	2656	BetaManager_Installer.exe
Token: SeSystemtimePrivilege	2656	BetaManager_Installer.exe
Token: SeProfSingleProcessPrivilege	2656	BetaManager_Installer.exe
Token: SeIncBasePriorityPrivilege	2656	BetaManager_Installer.exe
Token: SeCreatePagefilePrivilege	2656	BetaManager_Installer.exe
Token: SeCreatePermanentPrivilege	2656	BetaManager_Installer.exe
Token: SeBackupPrivilege	2656	BetaManager_Installer.exe
Token: SeRestorePrivilege	2656	BetaManager_Installer.exe
Token: SeShutdownPrivilege	2656	BetaManager_Installer.exe
Token: SeDebugPrivilege	2656	BetaManager_Installer.exe
Token: SeAuditPrivilege	2656	BetaManager_Installer.exe
Token: SeSystemEnvironmentPrivilege	2656	BetaManager_Installer.exe
Token: SeChangeNotifyPrivilege	2656	BetaManager_Installer.exe
Token: SeRemoteShutdownPrivilege	2656	BetaManager_Installer.exe
Token: SeUndockPrivilege	2656	BetaManager_Installer.exe
Token: SeSyncAgentPrivilege	2656	BetaManager_Installer.exe
Token: SeEnableDelegationPrivilege	2656	BetaManager_Installer.exe
Token: SeManageVolumePrivilege	2656	BetaManager_Installer.exe
Token: SeImpersonatePrivilege	2656	BetaManager_Installer.exe
Token: SeCreateGlobalPrivilege	2656	BetaManager_Installer.exe
Token: SeCreateTokenPrivilege	2656	BetaManager_Installer.exe
Token: SeAssignPrimaryTokenPrivilege	2656	BetaManager_Installer.exe
Token: SeLockMemoryPrivilege	2656	BetaManager_Installer.exe
Token: SeIncreaseQuotaPrivilege	2656	BetaManager_Installer.exe
Token: SeMachineAccountPrivilege	2656	BetaManager_Installer.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2656	BetaManager_Installer.exe
2656	BetaManager_Installer.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 2140	1788	msiexec.exe	101
PID 1788 wrote to memory of 2140	1788	msiexec.exe	101
PID 1788 wrote to memory of 2140	1788	msiexec.exe	101
PID 2656 wrote to memory of 3116	2656	BetaManager_Installer.exe	105
PID 2656 wrote to memory of 3116	2656	BetaManager_Installer.exe	105
PID 2656 wrote to memory of 3116	2656	BetaManager_Installer.exe	105
PID 1788 wrote to memory of 3808	1788	msiexec.exe	106
PID 1788 wrote to memory of 3808	1788	msiexec.exe	106
PID 1788 wrote to memory of 3808	1788	msiexec.exe	106
PID 1788 wrote to memory of 2808	1788	msiexec.exe	107
PID 1788 wrote to memory of 2808	1788	msiexec.exe	107
PID 1788 wrote to memory of 2808	1788	msiexec.exe	107

C:\Users\Admin\AppData\Local\Temp\BetaManager_Installer.exe
"C:\Users\Admin\AppData\Local\Temp\BetaManager_Installer.exe"
1⤵
- Checks computer location settings
- Enumerates connected drives
- Modifies Control Panel
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Users\Admin\AppData\Local\Temp\BetaManager_Installer.exe
  "C:\Users\Admin\AppData\Local\Temp\BetaManager_Installer.exe" /i "C:\Users\Admin\AppData\Roaming\BETA, Inc\BetaManager 1.0.3.0\install\5BA31C8\BetaManager.msi" AI_EUIMSI=1 AI_SETUPEXEPATH="C:\Users\Admin\AppData\Local\Temp\BetaManager_Installer.exe" AiSkipExitDlg="1" APPDIR="C:\Program Files (x86)\BetaManager\" AppsShutdownOption="All" CustomActionData="[AI_ButtonText_Next_Orig]:[ButtonText_Next]:AI_INSTALL|[ButtonText_Next]:[[AI_CommitButton]]:AI_INSTALL|[AI_Text_Next_Orig]:[Text_Next]:AI_INSTALL|[Text_Next]:[Text_Install]:AI_INSTALL" AI_SETUPEXEPATH_ORIGINAL="C:\Users\Admin\AppData\Local\Temp\BetaManager_Installer.exe" TARGETDIR="C:\" AI_INSTALL="1" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BetaManager" SECONDSEQUENCE="1" CLIENTPROCESSID="2656" AI_MORE_CMD_LINE=1
  2⤵
  - Enumerates connected drives
  PID:3116

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1788
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B5B76850975C579A7F89CED75CA0BDB3 C
  2⤵
  - Loads dropped DLL
  PID:2140
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D866A7806D3D6F297A8157427EB3BE01
  2⤵
  - Loads dropped DLL
  PID:3808
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 49F7347654A9EB44873F5A084194707F E Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:2808

C:\Program Files (x86)\BetaManager\BetaManager.exe
"C:\Program Files (x86)\BetaManager\BetaManager.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4904

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5116

C:\Program Files (x86)\BetaManager\BetaManager.exe
"C:\Program Files (x86)\BetaManager\BetaManager.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\BetaManager\Logs\BetaManager_Logs_2_1_2024__02_48_42.bmlog

Filesize
246B

MD5
f1f2118205301d6788a50714c06b2277

SHA1
760d4a162bfe8cf5338a319e0101e78114ccb916

SHA256
88c4843e09961b81ef646132ec05ef0e07e973571940d197f64c592d017dff35

SHA512
2bae1a440fddfb2623c34155772b869875fade0a00c89671c7487084118aff6a2f69a5c1a722932c23137cc0915bb2198770a312597903f9eaf0650e49b6012f

Download Submit
C:\BetaManager\Logs\BetaManager_Logs_2_1_2024__02_48_42.bmlog

Filesize
425B

MD5
3b9986137528fa5424d0a3efb842bdfc

SHA1
a3adccf5ed1f1b97a667832e6ee660c0e028f73f

SHA256
842b91776b4bd63bdb9225e90de06fa5d8ea652402d73a91e78ad686c651b105

SHA512
28e6596ae18fea502ada18c0edfa7ef44459507dd5faad66705292a70ff9f9ff782865b65bba8cb6cc6d29be13b4a5af30cb2f22791c3985bb995a90050e19ab

Download Submit
C:\BetaManager\Logs\BetaManager_Logs_2_1_2024__02_48_52.bmlog

Filesize
104B

MD5
e880ed04f9ef7fefe4ac81204937b47c

SHA1
0c39bbc66d8a1d9abb7dc26fd098c96d96f06606

SHA256
f05773028fb451f4e9d7157e68564a8734ad244afb6f46a49cf35f99f4e22146

SHA512
ccc221d79b686c98f442973f4705d24700832f6fe8e9ed93e7f53f633ac47e0757a85a47f96db58a6d9ec7650e086eae938cac152eb8956b518956cc6680c116

Download Submit
C:\Config.Msi\e58f4cc.rbs

Filesize
9KB

MD5
8945c6a23af2c8c2ebe30b5f4b2efde0

SHA1
08ac4622aceb291356a1f45dab0da9f1c0995e35

SHA256
3f783291e84b24c8c2cf2e8bcad3fce37db745fb57826b63fbdcb8c0b676d01f

SHA512
379d3d2d5f718316ed1554f238f08b20eca261cc99a0c153c68e69962c88882dab2cfa6cd5ffce9f7e3a686842d19c7279ff1a6145aff29cba95c44fb255b967

Download Submit
C:\Program Files (x86)\BetaManager\BetaManager.exe

Filesize
128KB

MD5
61f6aab768f90c337d7e7372c6fc7fd7

SHA1
083192358d3a9c253aafea2fa3d3f6f1485bf2c5

SHA256
a328d9489d06937518a36efcc1a67670494c57783f2f6eac860f8c1f281140de

SHA512
dfa2a90a87a4199987462493f52cda24528368c4337428d53f1e78f02b8fc5dae68c393c70da7b9a287a672fed7f37c765703b094a047ca480ee70a9d0a429fa

Download Submit
C:\Program Files (x86)\BetaManager\BetaManager.exe

Filesize
1.1MB

MD5
c17526dd7cc984ade0b810bb707c2253

SHA1
748f8164862bc869c58bd34f791353fcc48362cb

SHA256
4d63f084f56956686dd9dab0d92fb663bc6ca9c4307f5a2f45efcdc93c950b46

SHA512
96464e063785964b2e80fffe8aba592eb1b96b688ab932c4170d3fd1efcfe236da0b13665b089aed4693e1d9a76ad565afd85fca38f332f4d2c6ff5bd3c13d2c

Download Submit
C:\Program Files (x86)\BetaManager\BetaManager.exe

Filesize
1.1MB

MD5
0c44953005670dfe4237369c5a4fb027

SHA1
6e159527d8ab401eebc7678e204c91fbf49374e8

SHA256
32340c40ab1b162317ac7a65f2f839cd52f5451018fdb30b15b0c4894b5a6a37

SHA512
c98e480da3c734e904e45d32d8328fad837669972cecb113ce791e03f723e6ad5e30a14257effc263f9bb2fe3befddb03f49f37538bc565780a5af976b6994f0

Download Submit
C:\Program Files (x86)\BetaManager\BetaManager.exe

Filesize
2.3MB

MD5
f225e96d0ad944ba341392569d672669

SHA1
061cfc92b007cd1d334c119fd2efe19956d1fc13

SHA256
538f55abc7893ce5d31efb5b2d91044f5446ca563e4c49212ad026cb9796c68b

SHA512
a12bcdbb89a587386968137cf42a23bbb81bfd7d217e1394fba5e5f7fcac4e4b5b66d4aa75ac5a4e43ebfa525a80336cf6dc2376f34b5f5db03b56afa11f5e38

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2656\aboutbtn.xaml

Filesize
791B

MD5
ea680496ad3d80dc404138cb24187d8b

SHA1
782913444374e5a2844165e5f6b47bd67ebafc3c

SHA256
e95d463716efa3b37fbf909e6b87b8f6cce2b5e38839b5405a817e97fb48e15d

SHA512
4414279d39fa1a59fbf088c8c65db7a048f1245bd9a7eb68ea585341a009b65b652ff81c66166b2f56fed3369d60070800964f532c658b88cd4a93b817c188cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2656\buttonimgs.xaml

Filesize
351B

MD5
118f4c63590056978ac5065ecd4337b7

SHA1
3c8b555894deb0e0f3872ab6badb75d73a837ff5

SHA256
18573b641fd232ce9506dfbb4a15f7871b73bf3499f6a6b5734c2bc152852c94

SHA512
3a6ca3bd174b88dd0bb1b2b160a78e46a2ffe3e52228d48683493e74881419f63bf9c7fbd4a8a754583fb77ef97d77d04136bb9c7c6eecd76a143ac5016fc982

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI1600.tmp

Filesize
13KB

MD5
2b1f2d065101027e6d9c96e39528c5bb

SHA1
6027365834faa6e6c94dbf0c10f487180b62f9e0

SHA256
d56c87c91a9db1822aab196e6ce89db51f8843f1baf721f91bd5b38917b46520

SHA512
63b1b231560f5c4fcdb36139ba0aaefe83716ba61466106432fbaa2decaa94ec5b09b6e3b0b008ae5097ded0f6b03b2ffdd14691d5b8782ad29694f21138fc50

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8AA8.tmp

Filesize
719KB

MD5
c9c085c00bc24802f066e5412defcf50

SHA1
557f02469f3f236097d015327d7ca77260e2aecc

SHA256
a412b642de0e94db761ebd2834dde72eed86e65fc4a580670a300015b874ba24

SHA512
a6fa1f34cd630a7509a6441be7ad060de7e039967d2ec015e27c2a643b04e0eecf53902b7173c4c2e92e3a890bd7acb6a3307d9923838f0bfc71496fb184b1de

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID35B.tmp

Filesize
244KB

MD5
00c733ac1a60ca25865f027dccf906e9

SHA1
c9c51e2b2320ebeb8ad27e8a19de86312ff0cac5

SHA256
248a98e0a9e0dd0ef81ceba65cc877ce00c9ba8e34b1aa0c65abf2310c87332d

SHA512
920dd715697814585aeb22b765a049509c5a1be6df5b967bb4d540dae8793a33a0c4dc740e03a309c43f1960b201287debbf5a517d5f8aa5f6c0062db5baecbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID35B.tmp

Filesize
251KB

MD5
f93f6a6c61049ec5bb705aa871faf6d6

SHA1
06a824e906840be8da01f4cfa00164fe2062b4c2

SHA256
cbef1cc0392457162c742dd6a50be41ad1ec5be29cdfcc78f36a4663fb2bfa75

SHA512
bcf6b51ec8eef9db18e6926199dbba6f661853b45c23411a668fba92bc8ec14a74720a65ef96cdc34c3763f17f7e5695ed9a23b624c5b6e0f91ad3cdaf3fee72

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID35B.tmp

Filesize
132KB

MD5
6eef14f80524d71fd95e58fec3d3eb5d

SHA1
6dfda765226126c6d075b89d2cda77a05815a92b

SHA256
63d87bc92ee7a74a05001bf2f2faf508f1145a488206eab1015cbf3f6b37d8d6

SHA512
7de662f0aaf7ee3cae27ee588b6fcb1ee1d3805ba4c76e858062713adae2383f9be8c475c4e1e41a8e70136b740b713137d5912e586159b2cde31ee583e567c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID37C.tmp

Filesize
293KB

MD5
e70f1c6a0d0fb50718f65752bab189c4

SHA1
23211754971d9961eb7fb531cc6d736541f8a0d9

SHA256
72474f292cf31de4dfa41d6d2495dfba45ba82976d04d1c7ca1dab0544371862

SHA512
248366cc0e2239c418e380165b58cd125d9626ef98b75f893314b6539ae8203f0affd96a742b48456cd6c84037a87b616a7b983f1346d143341435639f3a0854

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID37C.tmp

Filesize
230KB

MD5
40030c65e55e6a9267b85ffda2d8e72c

SHA1
1fd5f9d96df9616065dcbda09b0374401169da79

SHA256
7b3a05a96558d9b2b1f97eab2813f210408bd54ba7e65907ce787a0ba2d90a54

SHA512
7b48c36be3e698144825d0b00b66c4a662be5e6400639a71cdfd21dd713253d2b478fb008530e81bd1dc0de4d2fccdda4bb97515d555525f1b1f54e403d41fdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE763.tmp

Filesize
837KB

MD5
2557173f4299722afce46cc3c0616406

SHA1
b0343c9a9552be977834e415783b486c4714fe97

SHA256
e25369e33c7ef36151769a86d833189b275f85045f35873e9e931547e0a6d591

SHA512
24a46359cb8e22534cbd875fe092d096e3280ca4c24936159894ba95832233ee318494a3eabbdf73ae6010e39a1b5897b4488b2771b416b472bb7f60ceddf40e

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE7B3.tmp

Filesize
596KB

MD5
b494812fc6fe5c630d1542207684dcfe

SHA1
250912ab73c1647bc8911846f594db207f0b931a

SHA256
e240914276133911a7a2b0f86da25789031a1e53bdf092859bb5a499a6099786

SHA512
da86848a9ca7839b90aac14682d308d092a09619d1794eb7f777b76f5d64810f82807f773fa83168db7cd1b373585bfa9881a6d5049ae327c8fe95ca2aca047b

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE7B3.tmp

Filesize
539KB

MD5
4fc67ccb7107c27a3fc8968436aeaab8

SHA1
d32dc3740b9004553066ae973ccd445cb8e1ed8a

SHA256
d3bbf987f3849d29a74c18f197612d439cd051b1525f0c51114fd5769358c4a5

SHA512
a15b0c123213236e54bea27f2a76130f26bab0e1a196271ec555b351e87e479572fe44be97bfac217996c7b045a06ce334c7d4e8f6441a5a82f2a4251260e798

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE7F2.tmp

Filesize
271KB

MD5
f4e4707f85db1cd4e9db8e93dedb8496

SHA1
ea53fa52ecb248d3e37befa16f4a5c16b0c793e1

SHA256
10462f384fc1945e5cda88cda54bb480bf9413f1a7c7e615e267e89f22c9046e

SHA512
c35fb675ca50f4384ec47d2381159f2f1bb8807ff0781cb92ff08297c1da0e9c52d545850fe6535b4f842f0b9f05b4be141623509c6e0be22ee8565593e20bde

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE7F2.tmp

Filesize
180KB

MD5
f86c8b8596c7b34a378c6f1ab5c2a242

SHA1
500fdb02f7e4ed3055bbdf119fef07c33f8f92ba

SHA256
f383d7882e2c8f21721ed08374831fddff7ab0adb9e124e12ae136325b2e445f

SHA512
f9c514bf9cbc3308efd8ab005289503d7b792018defc75257f014b0ced7e32bbbf1f47d7939ba6807ebc790136c1943191324fad53cb3888098cb2acd211f9a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE8BE.tmp

Filesize
258KB

MD5
225a8e6fc2862f3e02859ee620a88c41

SHA1
1b7efa39cb2571b1600c98da11b888f13da40971

SHA256
ccf9beaf84667336bade22e11bdbfd4c81d0ead5067e798be26c7b3650192d2c

SHA512
cc810965ffa80188d83db4ff490695363c1a41c6bb2915da707a9f856fa7a84067d93ce07144251db49cd08adf57ecc809c97caa725d9c721dc2dbe520a13053

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE8BE.tmp

Filesize
242KB

MD5
ed9ba171fcd9bfe711fc4aecd3df0ea2

SHA1
3a39df5746f5435e85268f90963300b4cd376f3a

SHA256
21c39405e8f410ffdc0f23e7d8029e64f29ca6275eec3b1eb115cbddf0d40e12

SHA512
b626f3432fd67d425fb8950a79f7cb683df8774b7ff057474cfd2892ed6a86258c69e74e3c22015bbb89b523de1d1657b6f7352031ea49e72e3fc0851e618270

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE8EE.tmp

Filesize
207KB

MD5
f4cfe75e4624606505ac6a4efb08d31a

SHA1
8085700f7f16d2511f591f5d7c8ff0ae2f57ae3a

SHA256
e05bd36f8fba28c66a5f13fb1d409ec6b33a85e0c32f7aa407005f96cd688e0e

SHA512
20398cb7583aa038116b3549cbf0ea12f2d8dfcc69f61b80dffaa4ea2a7c27474e1df95082899ed47d0aef08a55354e2c97acdf97f96cbea69d3c2df1dedb7f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE8EE.tmp

Filesize
176KB

MD5
f7023534c76bb5286ed82036d4daaea9

SHA1
e9a5b7b197afc0d761f1369fc9ef64f81996914f

SHA256
2347a52a65e547509e59c0ca8d48a051fc442a931c9a2a5c7b544efcfa66986f

SHA512
9bebaecbb952cecee11bab104796f115d64b8475df73d020a5f707fb126a58e4f07ca5e871ef195f9a0f43792e6545ceef7c0846f386c35e1cc7bffe53f9095e

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE91E.tmp

Filesize
288KB

MD5
4ae98f8e40a4fc155c9b4f3a7c209736

SHA1
0cb86f8ac27fdfaeaaf2bce7db8c20fc5f9e2104

SHA256
9ef936f7785bf8e189735a57a59f2cc5f3409b680fe5bdb588701773babdeae4

SHA512
b902257282f2c46f960cf84d09ff39c915b07bf8ffa101822e60730ea4524d90f026c8ae735fe87ee507cced75c64725cd960f3d614f2a1ab0f7bfb5ee2bed06

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE91E.tmp

Filesize
292KB

MD5
f5c76e9039d31efe540aece6cffb1307

SHA1
8ab08aa5fc169d0ec57bac42d9b3cbd831a8760a

SHA256
2d9a735455b8c3ef1eec37104490c0e7d837e110726bda276586de7c8f23cc36

SHA512
f89dff098bf36f96d4bbb28a57aab4b241accecbb3f9cab5616301596cf282538ec7b656510980357c78420ece1887efaf4588d96d959ecf3f0fcdf054e30952

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE95D.tmp

Filesize
245KB

MD5
2a96c9c2fca12542049ea7e3adaa2b81

SHA1
678ab16986fd930edaee4b419636d971c827e5e5

SHA256
42b45eaf2adf5d05e68c59797a2ea488bb034b211ae905f5dacb331d50cbab84

SHA512
058620db9699a5c45cebc4d5c518b12bf318b9aeb70a7312e1942c331b46c26795670253b1dd8476932f4eb3dfd5a367689d6a136b4400fd6dd8d2e7faf3c75c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE95D.tmp

Filesize
234KB

MD5
d780657acd16afd8ff6aa3c11af29b6f

SHA1
44cb3438bc4530814a8558d207a83d0a68dea566

SHA256
2d7aff2610a70789d2b5d14ee248aa0050a698223a320395018cc935f8bb2e19

SHA512
8006c0f1c9b0f106bce6540f3849ff907b0ef84e19acd61caeba27b77f47eb18cc74c6c050a45b64d033a8a29902a2c1052a81cde2bf4089d8a620ba5f8142d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE9AD.tmp

Filesize
263KB

MD5
4d0ee0d537c4caf340391dab07cd9151

SHA1
811886cec4012e06017ab46ed8f8c9925878c9dd

SHA256
ef68157fca3ac6bd10ecd4d3d480ae30afa5c6d9800f50fdc2a266d86edc522a

SHA512
b7928e008a55cc3b684085d34c7b266396d2b0104063eb9f9455d99634d6d45cd4b3191206605ee25d7c64afe2526d1c58a36f18a487f78b6b70263512f45102

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE9AD.tmp

Filesize
269KB

MD5
0c7cd44e5d2a3b661650a472b12b417b

SHA1
81dfee87183926607b37d3156a12ae576ee372ec

SHA256
48ff6f92bfc3ea6b2d8c7bf8e6c9c03dc7b996eb07cc8c8e4fbc073250dc9b4c

SHA512
cb49ee0492e01417ea05a6c6e65fe1759b9e8c9e1a52f893d595ed6922d177887300bb2b50908636d164e9b2231e3de2661aa4989cb0fb6bfd4eb36ca3a39076

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE9FC.tmp

Filesize
238KB

MD5
584e53bacce008d6498da2b12072a5d1

SHA1
aef5f92c7b53d56893d1181bf359e40e23e6ceae

SHA256
4dbbd76f3bf3f200c870bddb297ad8c7813bff5b6c7b3be32a7221b01c4e449f

SHA512
f27e1a29deea7fe8497da3694284aa602b6886083fdd62b35eacee60aaf02bc7e4c7acf6edd0906d7f9c965b771c62fc143fe90969e44d2027762d18b1b06913

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE9FC.tmp

Filesize
170KB

MD5
9acc3bdaa3969c0a9a43a3b7b4874b9d

SHA1
28de1dc392535456f3c74ff23dcd058a0c9ab8df

SHA256
dbac1380487bf38f60c91dd9ca46736a4dcd7b2950a5e0f843bbb2d9463a12f5

SHA512
1a206b9ff9101447f65d45b5f87af98f683c0ea50c1f60fa4d406b0d9e4c63bbe03cfc17a978cae6ab3fcdd8beb61222113eef46f83ca176437569537d8dd758

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIEA4B.tmp

Filesize
296KB

MD5
a1e92224386afe96c66fd1b98abfb02c

SHA1
5d37ecf204ebcf6c7e0fad582297a131c6d7dc1d

SHA256
45eda1086e62a82430ed290898fa0226fccd4d9c2ef6b2a3396eb2ea1930a361

SHA512
90caedc6f386303b2c985e964ac0a24ffb31a4ce746089f553475bb26139cbdef1a92b3b264a597e4b27a103c633b4d5c1c5f60213f88e082d644ee4cb7c04b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIEA4B.tmp

Filesize
255KB

MD5
78016ac3d32120f9c32dea25b9283b50

SHA1
07fb65e6a091e46e80548ad0fbfe2d4d0e76ff22

SHA256
4cca48a0005e71b71f2b35743f60d403e76ce245001296355ee607a0ec1314ae

SHA512
7b061b4d9db5b897d694beef0b94e6aafb9aaaaa9caf2f91abc38222f717b76eec49537232babcfd212988b1a6fbced21d3b4d7a27e5940ff56f4a57f7bb5e45

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIEAC9.tmp

Filesize
238KB

MD5
3dd402d8d35523e0a49006d88d1742a5

SHA1
8ae9bc1eaa7acc174e059c5f0467c861001d8002

SHA256
c02c548e2173befe08ca08457b7383f8fc67729b50a7ee01519f3cfb402057b2

SHA512
7dadcda6f84e2dd40a5761c165b4f5fbc2b111476d1919de4f0f42ca83b02e8826ec941376374929e499c803cbe92797e7de6b0f667c8375f26f83985917da17

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIEAC9.tmp

Filesize
226KB

MD5
797f2bebd3a5c9042b192cd6523d3f8d

SHA1
a1da80ed22c428ad3784afdeb7bd27d48220145d

SHA256
15fdfcc78ec770f652ca7ce15d6666ef59e9c9642f67bfe4ebcbf599634a2699

SHA512
07fa50f9c81e55d71f05c86d577dd756e0035f8607033121b4a224bd4319105965768a9df36780c41ff8e52388dd26e2e288e7a7051924a0965c24c1c49ac311

Download Submit
C:\Users\Admin\AppData\Local\Temp\shiF400.tmp

Filesize
1.1MB

MD5
49a1f209ba5fe18cc35429c710d4f906

SHA1
cfae03652acad1d043380b5f768457e01705a94b

SHA256
c0ed5d7fa290c7c78b0fd1c7a1b759e1f81c1d1d80acbf15049058cde0931b29

SHA512
06390ba0cfceada128d445149ae07de1117a7fe00899ff809a01a04a017db93bc5f8c88a8c7ad05e06291ece44507f533027bd9b255ef7b84a59f7e46f04c67f

Download Submit
C:\Users\Admin\AppData\Roaming\BETA, Inc\BetaManager 1.0.3.0\install\5BA31C8\BetaManager Updater.exe

Filesize
55KB

MD5
61fc068500d6917ecf525622b87ce63a

SHA1
27d5b44cbf1179716e83a68a90fd59ee70dcb0ee

SHA256
4781388d28d6adc892ed2b35d551caddd20d18844f2492a403ff6fa67e2cf2fb

SHA512
b64183c08abc4b3d05251ca84729902340b20aa8475cbae2584e81877d84a5f6d1dc65a38a0f478ef58be3e207e485f04bd0dbf248f20a0fdac6f7f1c6b1c4d7

Download Submit
C:\Users\Admin\AppData\Roaming\BETA, Inc\BetaManager 1.0.3.0\install\5BA31C8\BetaManager.exe

Filesize
55KB

MD5
39ab683aa7765626612ae19e1d57549a

SHA1
3f85a4e638939318294a48007d28aabaf5370b4b

SHA256
d885401525bc3537366297fae0d211b56a5a7f40b033246909640448300751ee

SHA512
c83df3ec4a29fcbfe27604e7980b81911eb85c4eef5ec9bc5cebf94d0022aa6819fa4ad74a69474ac99399b1874fb69a850071c26a90a2f97f7eda633f013b03

Download Submit
C:\Users\Admin\AppData\Roaming\BETA, Inc\BetaManager 1.0.3.0\install\5BA31C8\BetaManager.msi

Filesize
862KB

MD5
57406f3000d8665608d76fd5f5fd9438

SHA1
cfef2f80260ccf302b204df7e3a70ed08a8bad8a

SHA256
a923427b01f606985cc3630ca0026417c2cc0b858b17a384952bdb934f43b1fc

SHA512
572e64338abaca718cf18cfbeb898e53edbf7eb18c2ed77255e24599aeeb517842854313b1b4895b2a903dda7c1004cdc9e80ff949faf8e9f282ebdbba735262

Download Submit
C:\Users\Admin\AppData\Roaming\BETA, Inc\BetaManager 1.0.3.0\install\5BA31C8\BetaManager.msi

Filesize
7.3MB

MD5
eed128f130fe2585f39b9de921687e64

SHA1
e93293ebcb59701328c5dc9a6b05713f6f4c66e8

SHA256
da45cb4bb612eead8bade794b738f3cd4a25db0b23e95f5a464baa7ab78ff48e

SHA512
28d62141953e257373d70f5c97815c8a4ccd7baf72187ea606764c6a29214c0998bac6fdaec3b506afa0810be80395eb0110e1659cb763a4777b2e2b5bcb69a6

Download Submit
C:\Windows\Installer\MSI1F.tmp

Filesize
133KB

MD5
f6c04bd596a8ba8d7cd010df4c4e4b2c

SHA1
141015a7420b9da0331de97ad62a5283c6764da0

SHA256
aec1f04fd506a5528f84717bbec0555cdf617b994563eaca063ef8a85db4e59b

SHA512
10920abcb5953c16108e0e6854aeccda1d387f4b93245b1b001fb204e60a0ba05615a5493e943bd07ee0f7f7af933423c506f39d65097b68b42c8f5be90be220

Download Submit
C:\Windows\Installer\MSI1F.tmp

Filesize
118KB

MD5
bdca72ade9650bc5f4c074fecabab54c

SHA1
b00c3034fe21674d7d7026c9a9b9f718c820a0ea

SHA256
fb2f376adc6917a8b49d67e1a422926fcfa4a5bd1273ee8d31169c452f54368a

SHA512
2cbaa20e786b5292432c7cccfab638400ce8ffaec460c5d94df440da189774d223e52300fc038bc032cd1c67b2c27f6c5ecaad46c9248c2f219e092529baa758

Download Submit
C:\Windows\Installer\MSIF586.tmp

Filesize
593KB

MD5
edacc4b3f43c19b91f2cbaf18e54d808

SHA1
b072531abc98e30db4861bed84d8c9ce04456696

SHA256
520addf5d4409c7cae9746f2261ad5a7924ca2133472d463c25ccbf25084d15b

SHA512
187c954743b46cccee9141018f6d1130b4bada65abb2e8fa96bc11e3c6ccfd3052881d9eb7a6413c4590cdb3bd2e80d991e65c79a11f64b18db4c727e8772d9c

Download Submit
C:\Windows\Installer\MSIF5F5.tmp

Filesize
666KB

MD5
255c272e3832b83f957d8d8e870585f8

SHA1
915204cdb5989cfb37aa5ec0721838c43d972d7f

SHA256
94932c74433c9fd8e664da60e0fa1fbb5afa21a487cc9a1efdaa15afbfec79fa

SHA512
af7abb1ce868dc644ff7251bfbb0ffe0b99c105f4f32bb9f24a93df127e639bc3c7d6c91fadb1d03965d2a4ba3e8dd939c1b6c26526010fb796a2d7a5215bd6e

Download Submit
C:\Windows\Installer\MSIF5F5.tmp

Filesize
703KB

MD5
73a898b761031e333adbc7b04efc431e

SHA1
1e2abaa96ea8e4ccb5d61a79f60061000a43e5fb

SHA256
244937766b803ef213b21838dff6ffac2b63390151696873c5a47aeb560b554c

SHA512
fd366a48b82d92fb336a6b6c05ffc1a36695025ad0d9c9043c73a832487b06f99e44268910606b50d02c88720cb22482516825ade64ede98fe2e9dfe1130e9c8

Download Submit
C:\Windows\Installer\MSIF6B1.tmp

Filesize
470KB

MD5
856a750ab5d88601e399ab7410ee0405

SHA1
1173cd60e2b430bd943d86487789a457d5bdfe1a

SHA256
ef02bda20096a741a871365795b6e02ccfe5a5ddbaf1a7e66cfa0f36f5818ddf

SHA512
bb13bcbab2ed95b7218d827406b8501f437d950f4ae51ddbdb5287049b12524d82510decb49bd25b3e60fcc5ec60fb86a05528eb9950809a2721d3384e89baa4

Download Submit
C:\Windows\Installer\MSIF6B1.tmp

Filesize
418KB

MD5
da4b800f789df687bb84a5c1687b437c

SHA1
bffe87f32bfc90e606bc3ec29688295ac7ffed7b

SHA256
8d1e32ad18f734ba61b430aeffc4081f2bf2703136150b24543d28c3f9dd727f

SHA512
76f53f580b10855efddf94f2fcf2262e7e737d99b448838e30bc1172df57fe2d741713ae8c7d98527816b11d9413ecb7d3ce70bef5396e699e32bd524ce5ef98

Download Submit
C:\Windows\Installer\MSIF74F.tmp

Filesize
383KB

MD5
366d9ab678d0af45d35cf6658edacd50

SHA1
08184b0fa6bce8d0693de93ab640854174269354

SHA256
3d501766ef052a02ee5b89c163fa0d7a15f18f43eed5f20706ee7443da917579

SHA512
96da653358697d482a63dba791dab885534d100315e846cda1dda404f7754cfdad0e11eabbcd30f599e56b4ef513c0e366c01b586334a5e50a065ca9cce9b492

Download Submit
C:\Windows\Installer\MSIF74F.tmp

Filesize
310KB

MD5
429e576e9f652ab575086dcd9e866062

SHA1
35aee716a298ae40582f33339068da2fe820e9e6

SHA256
2d5043fdabbbfd7f507005fa700ff211756ee5381e5468477ff64aaea409fa02

SHA512
a6b85331c5f29bc77ea172b18ac3c0dc9256521943c722a95997fc3d787a4b4db2373680161343320a1ff8f009985cc3b2b335e5a550cef800c2340842347bee

Download Submit
C:\Windows\Installer\MSIF74F.tmp

Filesize
206KB

MD5
fe1c7838ae0c4fdab9f782ba2eeb3017

SHA1
ec8bb41a8e6f15e43a6d8604dcad68548c2a7899

SHA256
7e7e7d56ceb09951eff2ce7825a02f5c15e56e88dc71cc3f260cefccc5ec8887

SHA512
17b8ee01fe7496d0ffa552f6a4ba40d34572bc664fa926f316670867c7587c3a656c05730b9267e71292f9a4f420e5c05f715be776a5e4fd0cd2fae9b375f232

Download Submit
C:\Windows\Installer\MSIF888.tmp

Filesize
323KB

MD5
b88c5984ff782d0d0aa93934f3fa3514

SHA1
a6ae9f439bd2006f78541e8c673df66af6025ab5

SHA256
2d10d9b470a7799b0ed89a45748bba2682bc17d2e6e1de8a1b3e28aeeb101318

SHA512
a15fb62074a83bedd6933d7368697af371825b98a050a8968da587683e1522e2fac2ae939a2bd8e4b602f5ce6bfa6033ba51a16a46fc002170887126f2c29d4c

Download Submit
C:\Windows\Installer\MSIF888.tmp

Filesize
307KB

MD5
1786407ed25e1dc941a4b339674fbac7

SHA1
657c299f88a1d002483523c6588cebc8eb18571f

SHA256
cb848b933ea02296758219fd7c116c46ae75f8ce801a06f53b0204c90a23b3e6

SHA512
38bb21ba5337da280d46a49522e970682a76776d8f13d435b23df6c51acd16428f4809955a9fa0e5c3e1387c1ad5e708a3689edc45dc1ad959dfaa4a1e2e439d

Download Submit
C:\Windows\Installer\MSIFABC.tmp

Filesize
111KB

MD5
45525b1dc764a216d427cae46d00654a

SHA1
1e06f3d800ae6ff5a1c3579cf7bc8ecad0744974

SHA256
46d2b188e419752b146e357faa91623ffd5ce17098730ec981225cfcf43ef1f7

SHA512
c0629a2c77e182bff8eb34bb859e20ff82d6f46a12ca61cb460cd5f2830a09e4e3add46e935384ddb3e95fe6ffb045e0ec7cecf02e51c2d94fd16354e4b843a3

Download Submit
C:\Windows\Installer\MSIFABC.tmp

Filesize
87KB

MD5
a8ec0ff32687d560a4675669a65055c4

SHA1
48367c140fa43ff86ede3c49f7b79b8207a816da

SHA256
074f8612084fc0c3814bb147fb00eadcf664333bd908524a24355fb749d30333

SHA512
52c5717af716de7f2fe1edd6d7a8b9c98adc0c4365246653b3663e2562e0fad10dab25a80ed85fe5a84da3a7fc7c98dd16ee3b44ca4263eab6ab4c25a9d45b7e

Download Submit
C:\Windows\Installer\MSIFCD1.tmp

Filesize
338KB

MD5
8c5bb7b5bbe9b57a439519ae7f311042

SHA1
2fc0a55d22fbc72ecc634e804f602cc3438cef82

SHA256
e1fb530a8c4ae1af80549e3a7a402559a658278b4796492c509d0dd4a38c51b6

SHA512
4d9c9d7e1b3f742b949ba9d95156d84cf0fed76dcf204dfd1b5891c91194d1774482d968b0a7c3364cb87535a2e76063b93ff8316eb5c5d05e304dd51b6d094c

Download Submit
C:\Windows\Installer\MSIFCD1.tmp

Filesize
309KB

MD5
72b28212fd759953643a5e84a2de19fa

SHA1
43a138fc9c92504154967a9e33cdc7feaa779de9

SHA256
4a65ae41dab6dda19d04970f178a359a75aad0adec161952e38b20e16bc03c03

SHA512
492774a6a35b938db5bdd9f9ee45f6238d11571c761d39fc2e0e97ffa4faab01cca3eea046608450116038cd875127e08f2612892bc3704301fd4db3ed3c5179

Download Submit
C:\Windows\Installer\MSIFD20.tmp

Filesize
320KB

MD5
ff3bb27398cecd15257d303657f92196

SHA1
900763792f0b324935e40353597d4b8f0a4266f0

SHA256
5f043999295f39b070bea5acff31893cd4f1201ad85be95065ca2f32a8a8b1ec

SHA512
d81d6ba1d9c60ba442010f96b4f09551d1934a042d49fd1156a3563c57a177aec5852545b66467a044afcf46414c6866259129e89447b5ded4cf06fde92f3bed

Download Submit
C:\Windows\Installer\MSIFD20.tmp

Filesize
399KB

MD5
2f460d81ef08038d2991118786846df0

SHA1
46394e61efc86f4f29707b55ef651d81ffa26263

SHA256
65265aab41b3cbf4b8ad6a8b1d6e02ee82a2168a9c07a0328dcbfb10bbc366bd

SHA512
3993e1653d7c866d74203e79cdbcdf9b8d75fcded33a102c82626d8130d496917d6321df1503359ebdab9a03a529ffedfcf8356f201bdc05236313e7a03fea8e

Download Submit
memory/440-251-0x0000000075010000-0x00000000757C0000-memory.dmp

Filesize
7.7MB

Download
memory/440-324-0x0000000006220000-0x0000000006230000-memory.dmp

Filesize
64KB

Download
memory/440-325-0x0000000075010000-0x00000000757C0000-memory.dmp

Filesize
7.7MB

Download
memory/440-332-0x0000000006220000-0x0000000006230000-memory.dmp

Filesize
64KB

Download
memory/440-305-0x0000000006220000-0x0000000006230000-memory.dmp

Filesize
64KB

Download
memory/4904-265-0x0000000006B20000-0x0000000006B38000-memory.dmp

Filesize
96KB

Download
memory/4904-293-0x00000000077C0000-0x00000000077C8000-memory.dmp

Filesize
32KB

Download
memory/4904-261-0x0000000006960000-0x0000000006970000-memory.dmp

Filesize
64KB

Download
memory/4904-260-0x0000000006970000-0x0000000006996000-memory.dmp

Filesize
152KB

Download
memory/4904-262-0x0000000006AF0000-0x0000000006AF8000-memory.dmp

Filesize
32KB

Download
memory/4904-258-0x0000000005C20000-0x0000000005C2E000-memory.dmp

Filesize
56KB

Download
memory/4904-263-0x0000000006AE0000-0x0000000006AF4000-memory.dmp

Filesize
80KB

Download
memory/4904-264-0x0000000006B10000-0x0000000006B1E000-memory.dmp

Filesize
56KB

Download
memory/4904-257-0x0000000006110000-0x000000000612A000-memory.dmp

Filesize
104KB

Download
memory/4904-266-0x0000000006BC0000-0x0000000006BD0000-memory.dmp

Filesize
64KB

Download
memory/4904-267-0x0000000006BE0000-0x0000000006BFC000-memory.dmp

Filesize
112KB

Download
memory/4904-269-0x0000000006D60000-0x0000000006D68000-memory.dmp

Filesize
32KB

Download
memory/4904-268-0x0000000006D50000-0x0000000006D66000-memory.dmp

Filesize
88KB

Download
memory/4904-270-0x00000000070C0000-0x00000000070E2000-memory.dmp

Filesize
136KB

Download
memory/4904-271-0x0000000007BE0000-0x0000000008184000-memory.dmp

Filesize
5.6MB

Download
memory/4904-273-0x00000000077D0000-0x0000000007862000-memory.dmp

Filesize
584KB

Download
memory/4904-282-0x0000000008390000-0x0000000008450000-memory.dmp

Filesize
768KB

Download
memory/4904-256-0x00000000060B0000-0x00000000060CA000-memory.dmp

Filesize
104KB

Download
memory/4904-292-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/4904-259-0x0000000006940000-0x000000000694C000-memory.dmp

Filesize
48KB

Download
memory/4904-291-0x0000000075010000-0x00000000757C0000-memory.dmp

Filesize
7.7MB

Download
memory/4904-294-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/4904-295-0x000000000A790000-0x000000000A798000-memory.dmp

Filesize
32KB

Download
memory/4904-296-0x000000000A600000-0x000000000A638000-memory.dmp

Filesize
224KB

Download
memory/4904-297-0x000000000A5E0000-0x000000000A5EE000-memory.dmp

Filesize
56KB

Download
memory/4904-298-0x00000000106D0000-0x0000000010746000-memory.dmp

Filesize
472KB

Download
memory/4904-299-0x0000000010750000-0x0000000010802000-memory.dmp

Filesize
712KB

Download
memory/4904-302-0x000000000E670000-0x000000000E68E000-memory.dmp

Filesize
120KB

Download
memory/4904-255-0x0000000001F20000-0x0000000001FAE000-memory.dmp

Filesize
568KB

Download
memory/4904-254-0x0000000003B70000-0x0000000003B7A000-memory.dmp

Filesize
40KB

Download
memory/4904-253-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/4904-252-0x000000000A880000-0x000000000B1AC000-memory.dmp

Filesize
9.2MB

Download
memory/4904-249-0x0000000000CF0000-0x00000000016F4000-memory.dmp

Filesize
10.0MB

Download
memory/4904-328-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/4904-329-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/4904-330-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/4904-331-0x0000000006440000-0x0000000006448000-memory.dmp

Filesize
32KB

Download
memory/4904-248-0x0000000075010000-0x00000000757C0000-memory.dmp

Filesize
7.7MB

Download