Overview

overview

8

Static

static

3

DroidCam_6.5.2.exe

windows7-x64

8

DroidCam_6.5.2.exe

windows10-2004-x64

8

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

DroidCamApp.exe

windows7-x64

1

DroidCamApp.exe

windows10-2004-x64

1

adb/AdbWinApi.dll

windows7-x64

3

adb/AdbWinApi.dll

windows10-2004-x64

3

adb/AdbWinUsbApi.dll

windows7-x64

1

adb/AdbWinUsbApi.dll

windows10-2004-x64

3

adb/adb.exe

windows7-x64

1

adb/adb.exe

windows10-2004-x64

1

lib/DroidC...32.dll

windows7-x64

1

lib/DroidC...32.dll

windows10-2004-x64

1

lib/insdrv.exe

windows7-x64

1

lib/insdrv.exe

windows10-2004-x64

1

plist.dll

windows7-x64

3

plist.dll

windows10-2004-x64

3

usbmuxd.dll

windows7-x64

1

usbmuxd.dll

windows10-2004-x64

1

vc_redist.x86.exe

windows7-x64

7

vc_redist.x86.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24/02/2024, 16:20

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    DroidCam_6.5.2.exe

  • Size

    15.6MB

  • MD5

    d952d907646a522caf6ec5d00d114ce1

  • SHA1

    75ad9bacb60ded431058a50a220e22a35e3d03f7

  • SHA256

    f92ad1e92780a039397fd62d04affe97f1a65d04e7a41c9b5da6dd3fd265967e

  • SHA512

    3bfaee91d161de09c66ef7a85ad402f180624293cdc13d048edbeec5a3c4ad2bc84d5fde92383feb9b9f2d83e40a3e9ff27e81a32e605513611b6001f284b9fe

  • SSDEEP

    393216:oZsfK4YUD12zS7SEOegn4j7BgNE9O+wcDGFdClu8ZLzzpC4:gsfKPUD1kS7249O3cDGvClnlC4

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Drops file in Drivers directory 3 IoCs
  • Manipulates Digital Signatures 1 TTPs 1 IoCs

    Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

  • Drops file in System32 directory 21 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 27 IoCs
  • Drops file in Windows directory 15 IoCs
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 21 IoCs
  • Registers COM server for autorun 1 TTPs 3 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 29 IoCs
  • Modifies system certificate store 2 TTPs 8 IoCs
    evasionspywaretrojan
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 49 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\DroidCam_6.5.2.exe
    "C:\Users\Admin\AppData\Local\Temp\DroidCam_6.5.2.exe"
    1⤵
    • Drops file in Program Files directory
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:844
    • C:\Program Files (x86)\DroidCam\vc_redist.x86.exe
      "C:\Program Files (x86)\DroidCam\vc_redist.x86.exe" /install /quiet
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2656
      • C:\Program Files (x86)\DroidCam\vc_redist.x86.exe
        "C:\Program Files (x86)\DroidCam\vc_redist.x86.exe" /install /quiet -burn.unelevated BurnPipe.{BCEBBF3A-862A-4755-88FF-9379881C3F95} {05176916-5E0F-4A1A-B8B0-F5970DB231F0} 2656
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2488
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c install.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:624
      • C:\Windows\SysWOW64\regsvr32.exe
        regsvr32 /s "DroidCamFilter32.ax"
        3⤵
        • Loads dropped DLL
        • Modifies registry class
        PID:1672
      • C:\Windows\SysWOW64\regsvr32.exe
        regsvr32 /s "DroidCamFilter64.ax"
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2780
        • C:\Windows\system32\regsvr32.exe
          /s "DroidCamFilter64.ax"
          4⤵
          • Loads dropped DLL
          • Registers COM server for autorun
          • Modifies registry class
          PID:1752
    • C:\Program Files (x86)\DroidCam\lib\insdrv.exe
      "C:\Program Files (x86)\DroidCam\lib\insdrv.exe" +a
      2⤵
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Executes dropped EXE
      • Modifies system certificate store
      • Suspicious use of AdjustPrivilegeToken
      PID:2036
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{0a8bad77-db38-53e3-1321-0b3a1263d774}\droidcam.inf" "9" "6e67c8bbf" "0000000000000574" "WinSta0\Default" "0000000000000560" "208" "c:\program files (x86)\droidcam\lib"
    1⤵
    • Manipulates Digital Signatures
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Windows\system32\rundll32.exe
      rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{259218f8-da65-5270-0ad1-c213ac96e93c} Global\{5bba3e4e-bc7b-2b11-0a9f-9129df3f0812} C:\Windows\System32\DriverStore\Temp\{376d2083-05d6-51f3-bc03-7f7608dd067f}\droidcam.inf C:\Windows\System32\DriverStore\Temp\{376d2083-05d6-51f3-bc03-7f7608dd067f}\droidcam.cat
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1900
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2936
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005D8" "00000000000005D4"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:880
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem2.inf" "droidcam.inf:MicrosoftDS.NTAMD64:DroidCam_PCMEX:1.0.0.1:droidcam" "6e67c8bbf" "0000000000000574" "0000000000000498" "00000000000005E0"
    1⤵
    • Drops file in Drivers directory
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:2972
  • C:\Program Files (x86)\DroidCam\DroidCamApp.exe
    "C:\Program Files (x86)\DroidCam\DroidCamApp.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:616

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\DroidCam\lib\DroidCamFilter32.ax
          Filesize

          84KB

          MD5

          efe71ae8a02ca59a0855cd649f5e58b8

          SHA1

          0a5ba3257ad82f71890c0fa55a5f7405d0b6b4ac

          SHA256

          ffb22ab7b98ecc98c22cf675bfab61c875127137277e1f66bc3d7269c3b42652

          SHA512

          bad93c560355019f739158d2a25e7643a08cdcb000b378099aa2431ba4d023aa72741e674912d738b0ac6d21e44417f5406eee67f16035f6a783a5226b0d65a4

          Download Submit

        • C:\Program Files (x86)\DroidCam\lib\DroidCamFilter64.ax
          Filesize

          157KB

          MD5

          78022c387da1e93dc0442b656837953e

          SHA1

          e2adf94ec9854e7e57ec0c885a67aa2b9444b233

          SHA256

          c85b89c5d77a8b41b1a8213783f3ebfcc2fbed959149c5e5ed0f48204d9c4d09

          SHA512

          1673125e743874f2ff155a0ea2aaeb31b1aac013a8db2995752f0fbcd6794d41a8f75a7acfeeec6e91e4954423304f9c5d876638a528845054496100e700a539

          Download Submit

        • C:\Program Files (x86)\DroidCam\lib\install.bat
          Filesize

          254B

          MD5

          cfaaa32cc4fd40e36512f768bd75a0e1

          SHA1

          6ed1063ab547f65aace2fd98713df6d29834c19a

          SHA256

          d7b86a37b02fed2794904cb28c0fa64a1e0d2218fab608250c8531c1b9ddc439

          SHA512

          d2fe74d8e10b6378c48b72c9e22515a31592859d1f725bc86d9e48fcce9f7421e7afe477feb1c2041ff46b2620ad4244c887c670dc25e8acd70029e2166a0a93

          Download Submit

        • C:\Program Files (x86)\DroidCam\vc_redist.x86.exe
          Filesize

          3.7MB

          MD5

          788d378bda46db4902287e410a0f1657

          SHA1

          52ad0f63a9dc4ed341ec51edafc4618e11738745

          SHA256

          d7e37d41019b99a94436c49eb8a1c702dfd75c84af1aeda90fae6762639ecad9

          SHA512

          e4bcfdf2c141162e8fe3443a8b67d72de7e3c7676b1d9d34c8f8a1ffd6ce11501c1a0232097369cb714981ce5c8d20c16f15eee536223a8ed9bff629acb20f10

          Download Submit

        • C:\Program Files (x86)\DroidCam\vc_redist.x86.exe
          Filesize

          2.4MB

          MD5

          12407fef90b6cca4bb672369e11c716a

          SHA1

          d72f33029868839ba59082fa1e0e114289f93524

          SHA256

          b1a01776b7a13066c90ef85739e7900ae3837e4014f3182abcb93f3464fc189f

          SHA512

          bc1e55989875d8e3e27225414480730b644aef6df83cd5a2e81434b53f0e17a858a16174802bbd8148b79ebc5ab523318474330a659653738d5c8b9c833a51bf

          Download Submit

        • C:\Program Files (x86)\DroidCam\vc_redist.x86.exe
          Filesize

          832KB

          MD5

          41684f87c6807932b9570349a33f16f6

          SHA1

          32cc1b793dccb88b6037f7b11fb7e487bd7f3a9f

          SHA256

          df389353820e89d8083933a589a5c4d8e0645f8525547769a8592588c524a551

          SHA512

          973716f5517f19e7deb9ffcf5785b0d8f273d437c030ceedcfa3f68fd10088c539aeb3e4987a918573d7dd53b7dfb23b320bc16c0ea9496b7218d79b97b530aa

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab870D.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar878C.tmp
          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsy560D.tmp\modern-wizard.bmp
          Filesize

          25KB

          MD5

          cbe40fd2b1ec96daedc65da172d90022

          SHA1

          366c216220aa4329dff6c485fd0e9b0f4f0a7944

          SHA256

          3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

          SHA512

          62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\logo.png
          Filesize

          1KB

          MD5

          d6bd210f227442b3362493d046cea233

          SHA1

          ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

          SHA256

          335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

          SHA512

          464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

          Download Submit

        • C:\Windows\System32\DriverStore\FileRepository\droidcam.inf_amd64_neutral_d98d50465b5eb493\droidcam.PNF
          Filesize

          10KB

          MD5

          9b5e8dad6956fb019ff708e1be4c3384

          SHA1

          5681775a850517d444cbeca8c972e81e2b33681f

          SHA256

          7fd3f3d9cd357840d6686c54d9083aa3e6fe3e1cfb6965195a42b1438d9871c4

          SHA512

          3339bffc2427c4d8f332b46f2f1b11fb5f68625d0e62c7e8142d71959a13ad0a3f506f2e4812665fb16e77c373b476488c6457ea91587a32b54daf937c711448

          Download Submit

        • C:\Windows\System32\DriverStore\INFCACHE.1
          Filesize

          1.4MB

          MD5

          2e8de21d5cfa3c57fd562eb7aa8fd8ed

          SHA1

          e15d5ee1f1a2f948831ae4271bcdbd2ef0993210

          SHA256

          e05c49e2b7f5b735e213943b4556a89fdb3986a14d4ca99a14af96415984fcce

          SHA512

          ce5a8f7f9d633cdbd86f4cacdcce86fc05a14d0c467610d063cfb04fed0f5028d2ba165b46fb61046c09bc4369a59fbca61ee877e49ada86bce58bb18175020a

          Download Submit

        • C:\Windows\Temp\Cab8C2B.tmp
          Filesize

          29KB

          MD5

          d59a6b36c5a94916241a3ead50222b6f

          SHA1

          e274e9486d318c383bc4b9812844ba56f0cff3c6

          SHA256

          a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

          SHA512

          17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

          Download Submit

        • C:\Windows\Temp\Tar8C7C.tmp
          Filesize

          81KB

          MD5

          b13f51572f55a2d31ed9f266d581e9ea

          SHA1

          7eef3111b878e159e520f34410ad87adecf0ca92

          SHA256

          725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

          SHA512

          f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

          Download Submit

        • \??\c:\PROGRA~2\droidcam\lib\droidcam.sys
          Filesize

          30KB

          MD5

          65f3e2bdb187ef73ce65b92c770594dd

          SHA1

          514f571ed0f89e50b53909e3f9550cad6107ceea

          SHA256

          13d6fb4d2284ec6b138740aaef4c7f6ac82e78d59891f4e51c8656f05150db8e

          SHA512

          2b5def159bd09b20cbcd03de3d2973c1fd216b35de71006c3077aeeddb71165075545941ebd53807fdd5cf682ec3eaadaeab9504b55a85c895cc1b811cf1a0c0

          Download Submit

        • \??\c:\program files (x86)\droidcam\lib\droidcam.cat
          Filesize

          9KB

          MD5

          f6e94e3d7d3fe771b1933e06b7ba79b5

          SHA1

          65da1b5ab85f7b60f88c92101fdf95bfc7fe3931

          SHA256

          2a6124f7df464a02fc560cdf982eb3a65793e0c9252b361ec1e386bf4f63b60c

          SHA512

          45cc73010f8b3b638ce7349179a1a603ec009d0ce1066beafa03cc85c3a5a055c6430e50b9e298411d8dd617b698fd49364f8491ac95768a0a91c01c9e4390d4

          Download Submit

        • \??\c:\program files (x86)\droidcam\lib\droidcam.inf
          Filesize

          2KB

          MD5

          aed4aa73848bd3423c170bf58f8febfa

          SHA1

          dfac68f7df29410357c00effee42e40bd0491167

          SHA256

          1cd87356a573e9def505dc8cc5e9f682e3cceecf499f50007b85def3c842b630

          SHA512

          4a9900d422447c59342c88e164d81c4187743e63eb5f993800311397bbdf43bea90e456b720fcd3e679bf029be70220e0b89c60d2717bf278d76c1049d921bfa

          Download Submit

        • \Program Files (x86)\DroidCam\DroidCamApp.exe
          Filesize

          942KB

          MD5

          f8c12fc1b20887fdb70c7f02f0d7bfb3

          SHA1

          28d18fd281e17c919f81eda3a2f0d8765f57049f

          SHA256

          082f5c3fd2fd80505cbd4dbdbb7c50e83c2e81f033a04ea53832dbf0a3fc4933

          SHA512

          97c5d158abb119e076ace4b1398de19029b5d44566d9a293811bf7edbb0db120354cc396aed72bf62766799dc5db266d4b2ee7aee3ffc2818d8be77a4665ad2f

          Download Submit

        • \Program Files (x86)\DroidCam\avcodec-58.dll
          Filesize

          1.9MB

          MD5

          5faf0e59bf7ab03adde5f146cc08a777

          SHA1

          edbdf307186c45d90bee94ca468642f248737635

          SHA256

          03ff2145b20ed54e35830545a830a6aefe7804c775e4ff1cfda6fe91ab6e052b

          SHA512

          e2842fe5f4119d0e5e5da881167b1ccc9891a033873619ad2f9ca28a0a150cf8307f7297fb0f70ba1ba5dc44ea5da712cdc5320dff906f81193e809bee9799d4

          Download Submit

        • \Program Files (x86)\DroidCam\avutil-56.dll
          Filesize

          812KB

          MD5

          f1493a182787b87e272745d7cf8d13d2

          SHA1

          aa71e51fb0c157780ec85b8121941b2e1e884a23

          SHA256

          620a6ce8a2101a9472e54ebf219aa0fb8260f99248922ca3ac057f21cc9ceb0d

          SHA512

          f95254d4e32b3ae7af963dc9a83612ce9f3dbd78c6db549e74a236da68966d2ebfaceedd102f9af7cf800f5de438d6522369c2da3b8495a820c22c3ea6c1d2d1

          Download Submit

        • \Program Files (x86)\DroidCam\lib\insdrv.exe
          Filesize

          13KB

          MD5

          fdabbeb1ee62a56fb695ca6e8ad3d4a1

          SHA1

          2c8851470a122da74de43de371c94c39befa0696

          SHA256

          d18438bf03d25002e5aa161669a7cb01d0b2c83d2fa5dc2f9217c3b656eb6b9f

          SHA512

          97e42153bd5ce9bffdf166630dd677bc1e4945d24cb732dcaa616563b892046d4b9a70d556a9bf907947a8bfcf1c28edbd2dac11bfa4bf40a14db3399e6420d9

          Download Submit

        • \Program Files (x86)\DroidCam\libwinpthread-1.dll
          Filesize

          77KB

          MD5

          f154be41738cfcc36f571602666ea751

          SHA1

          22aefe1948b666232e3aae0c80731a0721be0c93

          SHA256

          66a2686d2fcdd3f3bfcf39a219519dbe597a8c5f94b4426da5d0e01f3a2d42cd

          SHA512

          2d6cbd710a290cb9d413798455c450fe985dbc50eabb4405f3588f3cd8a49f4d49bdf2553b3ff7e809814eaadae9d26caf16f50525609a2dd3fd44d32ebec8b9

          Download Submit

        • \Program Files (x86)\DroidCam\swscale-5.dll
          Filesize

          636KB

          MD5

          050f6892cb1f9c76d482b967e891615f

          SHA1

          e37f60aefa9caff1772c7750ce97e23a79380c89

          SHA256

          c345bb33691f6a483b9da275c38a67974c8648f9e65800abb3057510dc7e81b7

          SHA512

          678ddc355bc0f0f9d17aab9c054d727cbf7db414e2744f6715e6aad715cd944bea04005ab4e0e2571e95b9aa9149e92edcd83bf5feaecc5457d765513619d0ac

          Download Submit

        • \Program Files (x86)\DroidCam\vc_redist.x86.exe
          Filesize

          4.8MB

          MD5

          db0c596f4874c0d5621e42c51d2a04bc

          SHA1

          c86aa6ebf7718afee5c02606accdbd27a8c198a8

          SHA256

          2421385460234ac11553d5ae1a2578daee44cb4b839b87dc96d20b5704a41b0a

          SHA512

          ab0d6f1a0bdf2a645f0d6a8f54163100d0f7b324644f2647c13cb38d36f41ff02d6ec120f9f0df02b3611602938107dcfa86aa15ba00339ed164eb872ecec7b4

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nsy560D.tmp\System.dll
          Filesize

          11KB

          MD5

          c9473cb90d79a374b2ba6040ca16e45c

          SHA1

          ab95b54f12796dce57210d65f05124a6ed81234a

          SHA256

          b80a5cba69d1853ed5979b0ca0352437bf368a5cfb86cb4528edadd410e11352

          SHA512

          eafe7d5894622bc21f663bca4dd594392ee0f5b29270b6b56b0187093d6a3a103545464ff6398ad32d2cf15dab79b1f133218ba9ba337ddc01330b5ada804d7b

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nsy560D.tmp\nsDialogs.dll
          Filesize

          9KB

          MD5

          12465ce89d3853918ed3476d70223226

          SHA1

          4c9f4b8b77a254c2aeace08c78c1cffbb791640d

          SHA256

          5157fe688cca27d348171bd5a8b117de348c0844ca5cb82bc68cbd7d873a3fdc

          SHA512

          20495270bcd0cae3102ffae0a3e783fad5f0218a5e844c767b07a10d2cfab2fab0afb5e07befa531ba466393a3d6255741f89c6def21ec2887234f49adceea2f

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nsy560D.tmp\nsExec.dll
          Filesize

          6KB

          MD5

          0a6f707fa22c3f3e5d1abb54b0894ad6

          SHA1

          610cb2c3623199d0d7461fc775297e23cef88c4e

          SHA256

          370e47364561fa501b1300b056fb53fae12b1639fdf5f113275bee03546081c0

          SHA512

          af0c8ca0c892f1b757fbd700061f3d81417dff11d89bdff45e977de81ad51c97862406cf7e230e76cf99497f93f57bf09609740953cd81b0d795465ac2623ea8

          Download Submit

        • \Users\Admin\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\wixstdba.dll
          Filesize

          118KB

          MD5

          4d20a950a3571d11236482754b4a8e76

          SHA1

          e68bd784ac143e206d52ecaf54a7e3b8d4d75c9c

          SHA256

          a9295ad4e909f979e2b6cb2b2495c3d35c8517e689cd64a918c690e17b49078b

          SHA512

          8b9243d1f9edbcbd6bdaf6874dc69c806bb29e909bd733781fde8ac80ca3fff574d786ca903871d1e856e73fd58403bebb58c9f23083ea7cd749ba3e890af3d2

          Download Submit

        • memory/616-420-0x0000000074D40000-0x0000000074E08000-memory.dmp

          Filesize

          800KB

          Download

        • memory/616-421-0x0000000074520000-0x00000000746EC000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/616-422-0x0000000074520000-0x00000000746EC000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/1900-276-0x0000000001D50000-0x0000000001D51000-memory.dmp

          Filesize

          4KB

          Download