79c189397a916db566ffada391e793001ef3bcde19d32c913dd1e76752895507

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-03-2024 09:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

nomacs-setup-x64.msi
Size

38.0MB
MD5

d7093d466d2e250db5f59d5829c1e310
SHA1

55abda509aaf7e20e567c91b6387a4dd0166d6b6
SHA256

79c189397a916db566ffada391e793001ef3bcde19d32c913dd1e76752895507
SHA512

777ee271806c5453f357793417086dd0fa660b1c84c48fae0c252a2baf0470989d4ae60437b9bdcc2cec4439648bcd2ec37443677b312c2a10886955d6b14e2b
SSDEEP

786432:27yzsMB7wCKT6L4aRaVX/uqlvULhxyFfR4Wq5akXVbRzeN:2uHwCWQgVX/NU7yrea0AN

Score

6^/10

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

flow	pid	Process
12	844	msiexec.exe
18	844	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nomacs\bin\api-ms-win-crt-filesystem-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\nomacs\bin\Qt5PrintSupport.dll	msiexec.exe
File created	C:\Program Files\nomacs\bin\imageformats\qgif.dll	msiexec.exe
File created	C:\Program Files\nomacs\bin\translations\nomacs_nl.qm	msiexec.exe
File opened for modification	C:\Program Files\nomacs\bin\api-ms-win-crt-string-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\nomacs\bin\imageformats\qavif.dll	msiexec.exe
File opened for modification	C:\Program Files\nomacs\bin\translations\nomacs_als.qm	msiexec.exe
File created	C:\Program Files\nomacs\bin\expat.dll	msiexec.exe
File created	C:\Program Files\nomacs\bin\api-ms-win-crt-utility-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\nomacs\bin\opencv_core430.dll	msiexec.exe
File opened for modification	C:\Program Files\nomacs\bin\translations\nomacs_nl.qm	msiexec.exe
File created	C:\Program Files\nomacs\bin\Qt5Concurrent.dll	msiexec.exe
File created	C:\Program Files\nomacs\bin\imageformats\qico.dll	msiexec.exe
File created	C:\Program Files\nomacs\bin\Qt5Svg.dll	msiexec.exe
File created	C:\Program Files\nomacs\bin\translations\nomacs_pl.qm	msiexec.exe
File created	C:\Program Files\nomacs\bin\translations\nomacs_de.qm	msiexec.exe
File created	C:\Program Files\nomacs\bin\api-ms-win-crt-math-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\nomacs\bin\MSVCP140.dll	msiexec.exe
File opened for modification	C:\Program Files\nomacs\bin\Qt5Widgets.dll	msiexec.exe
File created	C:\Program Files\nomacs\bin\api-ms-win-crt-locale-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\nomacs\bin\translations\nomacs_als.qm	msiexec.exe
File created	C:\Program Files\nomacs\bin\translations\nomacs_sr.qm	msiexec.exe
File opened for modification	C:\Program Files\nomacs\bin\libcrypto-1_1-x64.dll	msiexec.exe
File opened for modification	C:\Program Files\nomacs\bin\imageformats\qicns.dll	msiexec.exe
File opened for modification	C:\Program Files\nomacs\bin\imageformats\qpcx.dll	msiexec.exe
File created	C:\Program Files\nomacs\bin\VCRUNTIME140_1.dll	msiexec.exe
File created	C:\Program Files\nomacs\bin\imageformats\qjpeg.dll	msiexec.exe
File created	C:\Program Files\nomacs\bin\translations\nomacs_hu.qm	msiexec.exe
File created	C:\Program Files\nomacs\bin\Qt5Core.dll	msiexec.exe
File opened for modification	C:\Program Files\nomacs\bin\imageformats\qmng.dll	msiexec.exe
File opened for modification	C:\Program Files\nomacs\bin\translations\nomacs_fi.qm	msiexec.exe
File created	C:\Program Files\nomacs\bin\exiv2.dll	msiexec.exe
File created	C:\Program Files\nomacs\bin\api-ms-win-crt-convert-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\nomacs\bin\translations\nomacs_cs.qm	msiexec.exe
File created	C:\Program Files\nomacs\bin\plugins\fakeMiniaturesPlugin.dll	msiexec.exe
File opened for modification	C:\Program Files\nomacs\bin\api-ms-win-crt-heap-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\nomacs\bin\translations\nomacs_ko.qm	msiexec.exe
File created	C:\Program Files\nomacs\bin\plugins\paintPlugin.dll	msiexec.exe
File opened for modification	C:\Program Files\nomacs\bin\imageformats\qjp2.dll	msiexec.exe
File opened for modification	C:\Program Files\nomacs\bin\themes\Dark-Theme.css	msiexec.exe
File created	C:\Program Files\nomacs\bin\api-ms-win-crt-runtime-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\nomacs\bin\plugins\pageExtractionPlugin.dll	msiexec.exe
File created	C:\Program Files\nomacs\bin\translations\nomacs_sk.qm	msiexec.exe
File created	C:\Program Files\nomacs\bin\translations\nomacs_es.qm	msiexec.exe
File created	C:\Program Files\nomacs\bin\default.ini	msiexec.exe
File created	C:\Program Files\nomacs\bin\translations\nomacs_it.qm	msiexec.exe
File created	C:\Program Files\nomacs\bin\nomacsCore.dll	msiexec.exe
File opened for modification	C:\Program Files\nomacs\bin\platforms\qwindows.dll	msiexec.exe
File opened for modification	C:\Program Files\nomacs\bin\plugins\affineTransformPlugin.dll	msiexec.exe
File created	C:\Program Files\nomacs\bin\imageformats\qpcx.dll	msiexec.exe
File created	C:\Program Files\nomacs\bin\imageformats\qtga.dll	msiexec.exe
File created	C:\Program Files\nomacs\bin\Qt5Network.dll	msiexec.exe
File opened for modification	C:\Program Files\nomacs\bin\translations\nomacs_ca.qm	msiexec.exe
File opened for modification	C:\Program Files\nomacs\bin\translations\nomacs_el.qm	msiexec.exe
File opened for modification	C:\Program Files\nomacs\bin\translations\nomacs_zh_CN.qm	msiexec.exe
File created	C:\Program Files\nomacs\bin\plugins\CompositePlugin.dll	msiexec.exe
File created	C:\Program Files\nomacs\bin\api-ms-win-crt-time-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\nomacs\bin\plugins\fakeMiniaturesPlugin.dll	msiexec.exe
File opened for modification	C:\Program Files\nomacs\bin\quazip5.dll	msiexec.exe
File opened for modification	C:\Program Files\nomacs\bin\imageformats\qwebp.dll	msiexec.exe
File created	C:\Program Files\nomacs\bin\quazip5.dll	msiexec.exe
File opened for modification	C:\Program Files\nomacs\bin\api-ms-win-crt-filesystem-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\nomacs\bin\Qt5Gui.dll	msiexec.exe
File created	C:\Program Files\nomacs\bin\translations\nomacs_tw_zh.qm	msiexec.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\e577add.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{5EA83D2A-E3B5-43C0-A5A6-9D57BDDA792B}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7CF0.tmp	msiexec.exe
File created	C:\Windows\Installer\e577adf.msi	msiexec.exe
File created	C:\Windows\Installer\e577add.msi	msiexec.exe

Executes dropped EXE 2 IoCs

pid	Process
3736	nomacs.exe
5484	nomacs.exe

Loads dropped DLL 64 IoCs

pid	Process
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe
5484	nomacs.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000042283678384db7f50000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000422836780000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff00000000070001000068090042283678000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d42283678000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000004228367800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.heifs.3\ = "Image Format Image"	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.tif.3\shell\open\command\	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.pgm.3\DefaultIcon\	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.arw.3	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.orf.3\shell\open	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.roh.3\shell	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.drif.3\shell	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.jpf\OpenWithProgIds\nomacs.jp2.3	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.ppm.3	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.xbm.3\ = "X11 Bitmap Image"	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.tga.3\DefaultIcon\ = "C:\\Program Files\\nomacs\\bin\\nomacs.exe,0"	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.pef.3\shell\open\command\	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.pns.3\ = "PNG Stereo Image"	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Applications\nomacs.exe\SupportedTypes\.j2k	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.tif.3\shell\open\command\ = "\"C:\\Program Files\\nomacs\\bin\\nomacs.exe\" \"%1\""	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.nef.3\shell\open\command\ = "\"C:\\Program Files\\nomacs\\bin\\nomacs.exe\" \"%1\""	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.srw\OpenWithProgids\nomacs.srw.3	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.mpo.3	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.x3f.3\DefaultIcon\ = "C:\\Program Files\\nomacs\\bin\\nomacs.exe,5"	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.mpo\OpenWithProgIds\	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.psd.3\	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.xpm.3\shell\open\command	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.avif.3\shell\open\command\ = "\"C:\\Program Files\\nomacs\\bin\\nomacs.exe\" \"%1\""	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Applications\nomacs.exe\SupportedTypes\.tga	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.svg.3\shell	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.orf\OpenWithProgids\nomacs.orf.3	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.svg.3\	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Applications\nomacs.exe\SupportedTypes\.x3f	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.exif.3\	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.pcx.3\shell	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.cur.3	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.dng.3\shell\open\command\ = "\"C:\\Program Files\\nomacs\\bin\\nomacs.exe\" \"%1\""	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.exif.3\DefaultIcon\ = "C:\\Program Files\\nomacs\\bin\\nomacs.exe,0"	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.jpg.3\shell	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.jp2.3	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.webp.3\DefaultIcon\	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.avif\OpenWithProgIds	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.tga.3	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.exif.3\shell\open\command\	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.vec\OpenWithProgIds\	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.heics\OpenWithProgIds\nomacs.heics.3	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.heifs.3\DefaultIcon\ = "C:\\Program Files\\nomacs\\bin\\nomacs.exe,0"	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.gif.3\DefaultIcon\	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.svg\OpenWithProgids\nomacs.svg.3	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.avifs\OpenWithProgIds	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.wbmp.3\shell	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.svg.3\DefaultIcon\	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.raf\OpenWithProgids\nomacs.raf.3	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.mpo.3\	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.webp\OpenWithProgIds\	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.tga.3\ = "Truvision Graphics Adapter Image"	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.nef.3\shell\open\command\	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.pns\OpenWithProgIds	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.pns\OpenWithProgIds\nomacs.pns.3	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.xpm.3\	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.vec.3\ = "OpenCV Haar Training Image"	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.heic.3\shell\open\command	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Applications\nomacs.exe\SupportedTypes\.heic	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.ppm.3\DefaultIcon\ = "C:\\Program Files\\nomacs\\bin\\nomacs.exe,0"	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.xbm	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.tga.3\shell\open\command\ = "\"C:\\Program Files\\nomacs\\bin\\nomacs.exe\" \"%1\""	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.avifs.3\shell\open\command\	nomacs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\nomacs.pns.3\DefaultIcon\ = "C:\\Program Files\\nomacs\\bin\\nomacs.exe,0"	nomacs.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.svgz\OpenWithProgIds\	nomacs.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3736	nomacs.exe
5484	nomacs.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4480	msiexec.exe
4480	msiexec.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3736	nomacs.exe
5484	nomacs.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	844	msiexec.exe
Token: SeIncreaseQuotaPrivilege	844	msiexec.exe
Token: SeSecurityPrivilege	4480	msiexec.exe
Token: SeCreateTokenPrivilege	844	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	844	msiexec.exe
Token: SeLockMemoryPrivilege	844	msiexec.exe
Token: SeIncreaseQuotaPrivilege	844	msiexec.exe
Token: SeMachineAccountPrivilege	844	msiexec.exe
Token: SeTcbPrivilege	844	msiexec.exe
Token: SeSecurityPrivilege	844	msiexec.exe
Token: SeTakeOwnershipPrivilege	844	msiexec.exe
Token: SeLoadDriverPrivilege	844	msiexec.exe
Token: SeSystemProfilePrivilege	844	msiexec.exe
Token: SeSystemtimePrivilege	844	msiexec.exe
Token: SeProfSingleProcessPrivilege	844	msiexec.exe
Token: SeIncBasePriorityPrivilege	844	msiexec.exe
Token: SeCreatePagefilePrivilege	844	msiexec.exe
Token: SeCreatePermanentPrivilege	844	msiexec.exe
Token: SeBackupPrivilege	844	msiexec.exe
Token: SeRestorePrivilege	844	msiexec.exe
Token: SeShutdownPrivilege	844	msiexec.exe
Token: SeDebugPrivilege	844	msiexec.exe
Token: SeAuditPrivilege	844	msiexec.exe
Token: SeSystemEnvironmentPrivilege	844	msiexec.exe
Token: SeChangeNotifyPrivilege	844	msiexec.exe
Token: SeRemoteShutdownPrivilege	844	msiexec.exe
Token: SeUndockPrivilege	844	msiexec.exe
Token: SeSyncAgentPrivilege	844	msiexec.exe
Token: SeEnableDelegationPrivilege	844	msiexec.exe
Token: SeManageVolumePrivilege	844	msiexec.exe
Token: SeImpersonatePrivilege	844	msiexec.exe
Token: SeCreateGlobalPrivilege	844	msiexec.exe
Token: SeBackupPrivilege	2500	vssvc.exe
Token: SeRestorePrivilege	2500	vssvc.exe
Token: SeAuditPrivilege	2500	vssvc.exe
Token: SeBackupPrivilege	4480	msiexec.exe
Token: SeRestorePrivilege	4480	msiexec.exe
Token: SeRestorePrivilege	4480	msiexec.exe
Token: SeTakeOwnershipPrivilege	4480	msiexec.exe
Token: SeRestorePrivilege	4480	msiexec.exe
Token: SeTakeOwnershipPrivilege	4480	msiexec.exe
Token: SeBackupPrivilege	2120	srtasks.exe
Token: SeRestorePrivilege	2120	srtasks.exe
Token: SeSecurityPrivilege	2120	srtasks.exe
Token: SeTakeOwnershipPrivilege	2120	srtasks.exe
Token: SeBackupPrivilege	2120	srtasks.exe
Token: SeRestorePrivilege	2120	srtasks.exe
Token: SeSecurityPrivilege	2120	srtasks.exe
Token: SeTakeOwnershipPrivilege	2120	srtasks.exe
Token: SeRestorePrivilege	4480	msiexec.exe
Token: SeTakeOwnershipPrivilege	4480	msiexec.exe
Token: SeRestorePrivilege	4480	msiexec.exe
Token: SeTakeOwnershipPrivilege	4480	msiexec.exe
Token: SeRestorePrivilege	4480	msiexec.exe
Token: SeTakeOwnershipPrivilege	4480	msiexec.exe
Token: SeRestorePrivilege	4480	msiexec.exe
Token: SeTakeOwnershipPrivilege	4480	msiexec.exe
Token: SeRestorePrivilege	4480	msiexec.exe
Token: SeTakeOwnershipPrivilege	4480	msiexec.exe
Token: SeRestorePrivilege	4480	msiexec.exe
Token: SeTakeOwnershipPrivilege	4480	msiexec.exe
Token: SeRestorePrivilege	4480	msiexec.exe
Token: SeTakeOwnershipPrivilege	4480	msiexec.exe
Token: SeRestorePrivilege	4480	msiexec.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
844	msiexec.exe
844	msiexec.exe
3736	nomacs.exe
3736	nomacs.exe
5484	nomacs.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
3736	nomacs.exe
5484	nomacs.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4480 wrote to memory of 2120	4480	msiexec.exe	102
PID 4480 wrote to memory of 2120	4480	msiexec.exe	102

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\nomacs-setup-x64.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:844

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4480
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2120

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:2500

C:\Program Files\nomacs\bin\nomacs.exe
"C:\Program Files\nomacs\bin\nomacs.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3736

C:\Program Files\nomacs\bin\nomacs.exe
"C:\Program Files\nomacs\bin\nomacs.exe" "C:\Users\Admin\Desktop\GrantCheckpoint.png"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:5484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e577ade.rbs

Filesize
26KB

MD5
ca452eec95416844fb7d4e09a52f8e6b

SHA1
87962744214eb4acfc24cea094bf6608f7517acc

SHA256
2ba54e0890a80b312a280ccc6bc8b71cf08667847afeba059ca61483dc2876a3

SHA512
5eecdcc0a8fbc0155627572d176935dd171b3c2bf338c08aa51e6bfc49e25f0b00c258c9697bea0ccb963e132ea009a3a57e8d8ebbe9da7eb5a9833be2b9e0be

Download Submit
C:\Program Files\nomacs\bin\CONCRT140.dll

Filesize
309KB

MD5
0248bbe3b1cb7f9970861c2b0cfa79f4

SHA1
171f46dc573658f36b23e2928def3bd47eb1f776

SHA256
6124eb9b5091ec6a3fcd64ee7f15809c4b8eb92878fe1398750e44ba703f8c2a

SHA512
d412d5c9d2b049f16825b5af2c76a626db4466aaeb959fdc3db9b35272c1c22571c329ee700212bb573d8f92050fe994561375938d5a0283cfec3dbc4a05b8f2

Download Submit
C:\Program Files\nomacs\bin\MSVCP140.dll

Filesize
576KB

MD5
47101de0dc287f47718c99c7dd19146e

SHA1
55ee57772bd6d6b8f9d786e199e11336b38b8c42

SHA256
a2cb9cae4b86468ca44ba36320814a204ec8ad311df624b94e12c47e328e2726

SHA512
1e589eebc5bee03d28e977d2fa6c22f6288dcb6758284ff5f2639acbcebed19c859c2a9552971e1ddc50042bceeebd96efdb057b8c342be12d17c1f9583f6deb

Download Submit
C:\Program Files\nomacs\bin\Qt5Concurrent.dll

Filesize
32KB

MD5
90838e2ba6dd31f84767ec22831f4da1

SHA1
fbcaf2c8374933e32b5eeb5d8e3dead19800de35

SHA256
578ac52ce21f44d12936ed53054ad7459c191c3f9ccc33652bcb4f4b9d483906

SHA512
caaeb06faefdf0d170b09748c9318fbb45ffbe5141b1316304e635dabec21ff8b984c93930ee41cc59c4ba6121a263cdf72ba9b2466a4305cf5ace4d1d72b57d

Download Submit
C:\Program Files\nomacs\bin\Qt5Core.dll

Filesize
325KB

MD5
6cd2c9725e1ebadd17cbe3540df77e97

SHA1
abe3bcf61886789af8011f710916c4feb98c6a76

SHA256
cfaaf64b8406fa2dddcdeac03293d6194591ea774c6b2fd52c1f6bd218c986ce

SHA512
9507a291e10b768d26d6206c324ee5bfdcbdf82cf16f3858fd4d0c198cf32765e6b9c0b5665e2613ded5a14323563323361138562f5da80df36750b598bcc4f3

Download Submit
C:\Program Files\nomacs\bin\Qt5Gui.dll

Filesize
359KB

MD5
3cba0e7d80ffd61aca181c731c05d1c9

SHA1
ce7f67deabd1722e68928a86989cf2628e9f5078

SHA256
00285ec576b9244ef86dcadbca175a408a6b07fa935860148c62c2915940007e

SHA512
fd5f1973de8aafc70c0687c1244ab5d8c601f6a71197f558946fab98cb997c0d71f8e2c23e46758b2fa408ab2ced4f2ec574e04620ab6b6dad05999288bcdf15

Download Submit
C:\Program Files\nomacs\bin\Qt5Network.dll

Filesize
1.3MB

MD5
aa903fbc163715359eb3a995827ef781

SHA1
0b8d21ac05691d367ebfde4d6f3a9239994d1a1d

SHA256
78fc3788f8b581c52f9484e7f34d4cb6d464c60a3a4fd0f7c93e1fd6ebc83914

SHA512
f443079eeafc679d841e683f46998820caba73d72768d9e07e88a7f4967318781fb424b9bb4abe18615e1ca7aad6f704e4a8d6c3eb81b617acda208167275577

Download Submit
C:\Program Files\nomacs\bin\Qt5PrintSupport.dll

Filesize
318KB

MD5
7fdfc065e52b1571c486805585b5828a

SHA1
ef07c10e6ce6262b7255992eeeafd5f879ca9d31

SHA256
1f69b0b48a150849afb16065b4864eb8db18d8b471bc7b91e0022b939c3a2f12

SHA512
4695f3c7128c09592261d9d2a31af939960d844a0ecf039a7f609680856ab71f1f1d35e45e60291a8748447f73f28c46ee7be83e544c9c6173041c6abe923773

Download Submit
C:\Program Files\nomacs\bin\Qt5Svg.dll

Filesize
329KB

MD5
7756b40b36d6a41ee8b26a3d8a6c7705

SHA1
fd47c7cf41de10696ccf2be5d4ae8c039147fde6

SHA256
89b78603bc1621b2aa7597520c2a426955a62a841b1a4b81f2e5746e9c9784da

SHA512
9b8ef7b8dd5a98e1db7b46d6f7cf8eb29355753895c6152ec09392b71541bcae177c6da03a4cca12925e1a9c8014692d26daefb449ee4ce1ff6255b14f2df29c

Download Submit
C:\Program Files\nomacs\bin\Qt5Widgets.dll

Filesize
2.4MB

MD5
5ebbc4b50eec161856413188f1ef3f23

SHA1
17888b2b871803c3528ff3bf8fd61a05833c1ea9

SHA256
cff4e97f9381d2fe2983ef5ec058b66b2eb68a1b864abc9a54e4c7ac2c283f58

SHA512
9b59c672d3f9dd877c760b4af05e88dcb1c3c108efa474455f993ded33e0697fee4d7d4e0b8e01e0019cc8ac038270fde9fe2ee3ae0633bc7dd30b4dd155153a

Download Submit
C:\Program Files\nomacs\bin\Qt5WinExtras.dll

Filesize
457KB

MD5
21eef69e555036b86f27385866268cc7

SHA1
af758cbf23e042ed00f0d090873142ceede5a386

SHA256
2f71ca3bfca348216af013ef299713726be238a2250f1681071b8f6c31435dfc

SHA512
d634e830f426c30c38cb00013a7f70835deda7dab0af22cddc5c185df8ba256e1d042c81be3876b820b1336a0fde0c3be030f51897377cfd3dbecd3f01f04d87

Download Submit
C:\Program Files\nomacs\bin\VCRUNTIME140.dll

Filesize
99KB

MD5
18571d6663b7d9ac95f2821c203e471f

SHA1
3c186018df04e875d6b9f83521028a21f145e3be

SHA256
0b040a314c19ff88f38fd9c89dca2d493113a6109adb8525733c3f6627da888f

SHA512
c8cbca1072b8cb04f9d82135c91ff6d7a539cb7a488671cecb6b5e2f11a4807f47ad9af5a87ebee44984ab71d7c44fc87850f9d04fd2c5019ec1b6a1b483ca21

Download Submit
C:\Program Files\nomacs\bin\VCRUNTIME140_1.dll

Filesize
43KB

MD5
a4f89ffc725ccae3c7bbcb9a0c91302f

SHA1
531194dad6795b3cb50b02501b0856efa694dd36

SHA256
bbcea93943f7e28a4d904301ff4bb708adaec4cc27800020044085fb838d4e5d

SHA512
c8ce2dcb65cd1fd0a7ffdc1df0076be2882badac7082b49ff96ec2ca1e944ccab8699ab28901a895cca90783cd223434552e366103fb6fcd25d9ad033b95eedf

Download Submit
C:\Program Files\nomacs\bin\api-ms-win-crt-convert-l1-1-0.dll

Filesize
22KB

MD5
278857b86f667c47cbcce94f5ec73ca8

SHA1
a0f5b7e7c67f3c6b8f285d39d08b740e49445755

SHA256
91c5966932287078d0e616d8e0369347991f39765749bbffa1ed3a9df49776d9

SHA512
ebc02d1a2e223eb0b30a8e62089735faed83add4161094493f62561a09c13a426815e7f06c20c44477691109a8c3040dc68527023bfee6d9984c42d6a05208c9

Download Submit
C:\Program Files\nomacs\bin\api-ms-win-crt-environment-l1-1-0.dll

Filesize
18KB

MD5
6493b21fefae874655c62a56a156f3eb

SHA1
c65beb46f9f03d35867ff008026d3a56fa26fb65

SHA256
8d9d3e905d072c4465e4787dd5bd843d3a5dd5ac5ad9d7f232032b25facc82ab

SHA512
93cbe187f7fa86ac58191b5384a993135e3291873a76cc2cf81dd60c68ad7591386e4eb5ab53aaac2a6f48f7f778263b7fa0a4ea0863361910a9f1efee92b64b

Download Submit
C:\Program Files\nomacs\bin\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
20KB

MD5
ae83311041ee793253ff10736317a09e

SHA1
c62d06cb6cbd9d997c42a6ad7f13c06f38725069

SHA256
8f9361d02f68392127fe264655eac4fef4a4a1bf63571f184ce26faa98670702

SHA512
0fabcb0370330460f8f525401f339535c08d768f075816989a16eff2256584cfa8fd6832df3ce3d9c2a5364b4ef58bfff53cc486e3b48d11b654f7174aa18458

Download Submit
C:\Program Files\nomacs\bin\api-ms-win-crt-heap-l1-1-0.dll

Filesize
18KB

MD5
12311308d7d65895b3920b3dd3e54b3b

SHA1
3faa74c6913f451d9c575761630b507af0c15ee3

SHA256
76dad3e04c9ff61b40ae1c9e039837cd1c077d59b6a008643e4fbf2dbdb564dc

SHA512
67fd047e760dbdadb06cc2c34b935fdabc629fa988484a9f5120cd59d6167d943b612df65626701022b5e73c5b1177a8d813e90c5990468f51a5a11932c008ed

Download Submit
C:\Program Files\nomacs\bin\api-ms-win-crt-locale-l1-1-0.dll

Filesize
18KB

MD5
3dafcf25a2ac1becf40acbec8fc7134b

SHA1
0729fdc617403622c2edd77fdb7dd49b530e2037

SHA256
ba1458f730ff90009483c763926d1c74383480e529541c0ef5d4de44e7a4f14c

SHA512
9dbb487489c8a6af8dbd6326fe4958f489552af268f2937495ada35bb8404cfaeaf54833d8bba2966e72cd0ba3284a5fd167baf4cd6d905870f5d1ed3e5ff6c0

Download Submit
C:\Program Files\nomacs\bin\api-ms-win-crt-math-l1-1-0.dll

Filesize
27KB

MD5
f32bd567d35d2e85504c39dede609e72

SHA1
b7a7145956466e45bbe6f7fe41e935a152c2c325

SHA256
5f2bb085217304006c81c55214c6093ec476e554e31808026e424da82f58aa0e

SHA512
55396f3e5821d3f3eb5988bd3362a0cddf036de4afa8cc1214813834b5a152fc3df787a8347a7aff3de6bf112e1d2a354790f593854a59f1f49393ddf967d085

Download Submit
C:\Program Files\nomacs\bin\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
22KB

MD5
595a997bd415c8ae0ef1e3c3b73e6091

SHA1
10f34bc2f474a43bfaac26f66ec8081106c12253

SHA256
11aca97acda31203aeee496c9f183b49db1c54d0efa48888a15ab4ea47ee080f

SHA512
944f6bc405c69d6bf6dc97652e9f296658bd3de078dda50ac680e56818c00dfee909b100fc2fa9c6a891c55dbc66dd62ac52819950732c83198dbb8c04f3c9b8

Download Submit
C:\Program Files\nomacs\bin\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
24KB

MD5
415d765aa267382a79e56e428c80b1e1

SHA1
1bf13460b8aaac1538bf45186a1624825bb8c355

SHA256
cf7bbe93ae75a1c46a38204a6acef71bf2f5e3cd34501825601900e07d3d7b15

SHA512
7236ef7b2937718409ef4eeda20318b1697e7c1c868d0df263f4be8673365d48ff6ffa2317bfd1881b6cb3dd1300410ad4f715b8e01ed321c4011aac88490d21

Download Submit
C:\Program Files\nomacs\bin\api-ms-win-crt-string-l1-1-0.dll

Filesize
24KB

MD5
5bd5a9001cb0555c5b2b14e0cbc8d922

SHA1
4562d23fba312fe95cbc777fd7c2e37ca1e76ad9

SHA256
b516d1772b75714f039440cf5d070b87a187d2f67b7f891c94cf1c60330fbfa7

SHA512
a6271f28f069a00c2912f80552bd54bf0d8461886adff626b336d25943dd0ade19eb88c718602017a1986317af3eb5f94f8896e88b9367207e8b53225322cb84

Download Submit
C:\Program Files\nomacs\bin\api-ms-win-crt-time-l1-1-0.dll

Filesize
20KB

MD5
f719ad4c04043f55a21e73805997b287

SHA1
0e88b1271b242f7933e78edcb05131612cea061e

SHA256
a4b0f75854949980d410c5da90c36ddb94be292431c89fd3e992f9d5f8ee9983

SHA512
752b9b4385162126729c3f09b3b75d7121c8dec00cce11f7cf1ecaffed3e79addcbcfe8bdd4e20e15b8494bfe2d24c3f2d11583860b1e03be021196bc83fc3bf

Download Submit
C:\Program Files\nomacs\bin\api-ms-win-crt-utility-l1-1-0.dll

Filesize
18KB

MD5
a405399d5b958a03e6054307a631553a

SHA1
dba43f0afd8c6e1f61cf0be7503c6f70b48b8240

SHA256
d675ee0c418c4cd7ff0c19c2d945331c8e6072a51abbca548e7d9d2f1bf288dd

SHA512
33c64766053058fa9fa4fe689f1ca5a345b8b70443995d71aa65b64c7bb38d4dc3a2b37ad06a4ce5ca1c927ed9ea4377443eaaecc69b0e758ff265e755194287

Download Submit
C:\Program Files\nomacs\bin\exiv2.dll

Filesize
951KB

MD5
8df0f1d15f460825e75b49eeee2bf275

SHA1
63f1d73524d73a785d1fd00320d840f8306e6e1d

SHA256
7c3ab825d68c6c46e71238b7dd93941b52d8d0287347138b42c49baf5a7ad012

SHA512
5919f93b11bda9f4a1be92aae5073718bc6cd2f3182b17632009ea9566e43a00aff34296729f541a2097c46ea854875acaf3cca8ea6b17d5eeee95aca0b3c1ff

Download Submit
C:\Program Files\nomacs\bin\expat.dll

Filesize
132KB

MD5
45f267f8ae20b745ccddcd9c9c0554d2

SHA1
d251f9965bdbceae3dc3db76ce3720251b883899

SHA256
82fffec84d82de57dc3a41a5b608c0b2bbe5a1de39b9bd9ac8ca511f05f13a1c

SHA512
41e7a61526530fd23559703dedb35a5b3d22d34b68ab7e4740c240111a5f2e06b699a0e7839ccaa893ca7ea614f2ffa3c417ad189ff926aa62e1606f374afd3c

Download Submit
C:\Program Files\nomacs\bin\heif.dll

Filesize
355KB

MD5
052538f6fb6d080de514bbb56d2a3bcc

SHA1
b96ee21bb9da2b1e4fe02e627232e5fa4e1291ec

SHA256
3528e5130683a7c40d06b60872cd6a856d8cbf9d56f602a6b40a4f39a52794bd

SHA512
d428bde4315c0574905ad733d0e9793989de27b14a062523ff69fc73af399ee366c80e560ea7211cd6df7c4a66e70a3a5c354303880063670cdda3dd84c9ab2b

Download Submit
C:\Program Files\nomacs\bin\imageformats\qavif.dll

Filesize
2.0MB

MD5
c5a77e01d282b313f0984f45a98b51ce

SHA1
4b0f50e0d47ed1bdedcb64293ab2213130d1c09f

SHA256
17734d4a69a0afd8658dcdc9ff2844ab8ca0e3bae6bed1802beb7eff9a4c1726

SHA512
a92d30e3ecbcc5b0f983bceb9af63301252947261e6f8a611b0b236d65f8b0fa1e7f12e33001c1645b8a53f89bdc78b410d4540bd72fc9996c627436702bd661

Download Submit
C:\Program Files\nomacs\bin\imageformats\qgif.dll

Filesize
36KB

MD5
907c63e82fc3b9217933014035d861ad

SHA1
2b79d6f1c99ddc4d83796c8b306dd0d88bbe3675

SHA256
2d114528d6efcc34deb74ea94ea0a23ba0fa0087ffcd44bc3ac305e7c46c1ea5

SHA512
e6fcc6965d92c6bf31e325540549d5e2d8ce24b868f0dc2cd8449be68aa4e31f4913445a930a2823801300cd32d948291e607da635eb01689ff86c6b0f213dc7

Download Submit
C:\Program Files\nomacs\bin\imageformats\qheif.dll

Filesize
28KB

MD5
d067abba062854bc04300eb44c4013c2

SHA1
a814972d592d16110e7aa513fea8f29543c9cf2b

SHA256
79ab13d13515c6c008be3c2cceb29c76bb7375fc133b58ca15a18486d8b6bc68

SHA512
bde627e19aa2c285f6f7d6317443b5c6f87844a955fd2a49dacce3f9be59a58fa607099ed1c078dad90660cbf536ea386798fd0822bfaa2e30e02e737c96f144

Download Submit
C:\Program Files\nomacs\bin\imageformats\qicns.dll

Filesize
44KB

MD5
35aee3861714c2f9732eadf0b8dbb93a

SHA1
315db326df366202089e28f425e639d1bb3994d3

SHA256
34b78a9cfb29e20736ea6da354dd48ec41034a420596c78eb79fbb173b3e82f2

SHA512
b7a1442d036391025e2b621ccfd2389eb55bf9687294d901965f3edb0fcd23219445757ff958ac23cde8c1fd361d190a93c4e59a70ebb16413883a2a5a78db48

Download Submit
C:\Program Files\nomacs\bin\imageformats\qico.dll

Filesize
37KB

MD5
e394b0aaca984f0486d3278eb79b9b3d

SHA1
4e0ad7e2bdb353a835f6ba5d1964dd80ace50c0d

SHA256
00d2a327000f743b60c60f67cb391becf332b46b8a367a41080875f849f6f0b3

SHA512
593f150457f75e9640d40e98087e31bb507b6bba0ba4a3506bb392f4a9592fc0b9de3f15499105945b37afc3b2dab24665b61f1d8ddb2546b52fe129486e7913

Download Submit
C:\Program Files\nomacs\bin\imageformats\qjp2.dll

Filesize
567KB

MD5
2eebbb564511cfa16cfef3cf7971f7f1

SHA1
d5b3d989f7500ea3338ff31ecc4454369155c6ee

SHA256
8252a8e8056ca3842db7cc6de437a7330e302cab508390b8738f13275ad95d50

SHA512
815bfec4015ee1904ff52b086de6fa9e55cd026f4813e26533b2a6991a0079edfb3f181d283e2d3f14ccf425661fa3560ba363b534720519d89736f1e84d036e

Download Submit
C:\Program Files\nomacs\bin\imageformats\qjpeg.dll

Filesize
411KB

MD5
e27dbbba68a01dd57ae86e427ed25a25

SHA1
5347eb7a9760245344d6de387ef8780b2a6940af

SHA256
fed0c6794e909680c163843849f37d84a7be5454396ba90acd49fb4072cb32f7

SHA512
71587e493ce56052d4479d8a497ec66489c7858e649bcbde27774760e43ae9db6260455b79f8884f85cecb8757848feccd4344e35e7177fe2627a0da726db4f1

Download Submit
C:\Program Files\nomacs\bin\imageformats\qmng.dll

Filesize
273KB

MD5
0450ed6fbc974684de04067b31e2a18d

SHA1
8f2cf645ae2a02c90faa2b0ef762f857f35aed83

SHA256
ebec617de912cfe7149b73b3bf665cdeb5bed83d2fce7f32e4ef9545c600d2a9

SHA512
a6d9bfbf31536293adba89316285bd2f4c9822c9198de0b3a4e1e7ab32af413d5b30c3b7425019f01ef163133f9aeb7a90a7b42ee951396a218553b12f9c7dbf

Download Submit
C:\Program Files\nomacs\bin\imageformats\qpcx.dll

Filesize
27KB

MD5
93b9405980f6e90d56754f83a1dd2466

SHA1
e883c3a92044c39c6951162a15fdb4e5b3e7480e

SHA256
5d1450f9dff236107c2137f2e498c19498c74b559eb50ed6e50687c6e8157ba2

SHA512
83a3862d653f5bdbf7fedbd1c617914d04b75145ab0b5d1a5a124821405b5410eb22a27a2c32c8f6602d15111a00b3d16ad3714c620bb475f63fed29ac95da1a

Download Submit
C:\Program Files\nomacs\bin\imageformats\qpsd.dll

Filesize
39KB

MD5
5ee44050aa0105022fc29f5765cb7acb

SHA1
f36d8bce3e3c2591d4857b65dbbb78fd398da6fe

SHA256
da6dc73806e2f329f398154012e2803d3fc699eebc32a98f15860dbe1e4d13f0

SHA512
ab253a307338a94dde9ead54ac56970cc902d9a50fc98fbb8e3409310dcbefdaa5da06c4b41e3aaf49201b29f5e8afbfec5c8e9f1488f52af299813c841ac5f3

Download Submit
C:\Program Files\nomacs\bin\imageformats\qsvg.dll

Filesize
30KB

MD5
adcbc05ee7234ec2cda87af7dc3229af

SHA1
5e25203d55ba0d5ff4a8e7cb311325bf6da9cffe

SHA256
673bd68309713485d502dae4736c0662ed4989ffc27e885838a3240f56b9a8ef

SHA512
8277bf85f78facceffb0f07198acb9a4fbb279a61bd112e80698b57ab24ca6b90ca456441dc264f372ec2aa7ffe5f7f106eb4476ae86392db3efb489ff89e656

Download Submit
C:\Program Files\nomacs\bin\imageformats\qtga.dll

Filesize
29KB

MD5
b2d26d41e22fbeaff65c07e2cb8537fb

SHA1
47d2403ae86ea88feef168fe2b12ddba48c608c3

SHA256
ccc38b17ee468ccfc804a7fa478fa788c139b4b2b75b9b4873cdc671a3f248ec

SHA512
b5d79e139f7a6280a0998ffa0e145e8983e3ad501039e428fb3d9afde310185d670b6bc0c7a1a50fb51fd2a1c4f4e53d58567f7fe1e7318f74357039284367b2

Download Submit
C:\Program Files\nomacs\bin\imageformats\qtiff.dll

Filesize
336KB

MD5
e3023cfe95caf04b241f9f721be200ff

SHA1
48d5c9e99889f775d610908f304b2f9bffd3f624

SHA256
7d7cf199e96f8cbfb6d305d63beb3572a9783935d663808a74cc57297fd53b58

SHA512
39751f2a39d5c46c3e61a1c0535ad51750fe2aaf3e0013dc57fb38122c5641dd889c24890d75bb1161eb9f8e54a5985c22fdaa02c009e66fde7c4154c968d23f

Download Submit
C:\Program Files\nomacs\bin\imageformats\qwbmp.dll

Filesize
28KB

MD5
89e0a72447a37d35506933d0ce57d39a

SHA1
79c2b8bca5868b8809551c43311f12bf6d783154

SHA256
925910cc9082bd65dd987499a907e93e9d88112d2b846e7d29aa4081b11ffb7f

SHA512
9f9047d572ff88501f11292e652adba4a40a437d815ea2f313bbdda19eecf8fa0dcf48f4d40efe85c5db2bc3bfffcfab58dc6286728335dc8ac5435243b568de

Download Submit
C:\Program Files\nomacs\bin\imageformats\qwebp.dll

Filesize
290KB

MD5
4d4437e82facf2f2a0eb5d597b99ec7f

SHA1
b51462c5796f2f7dfd6fdedafbe5cf73aaa2899b

SHA256
1d37874b9baf2b2b03739a3d1cfb3581f483a7a9f488e406da03eb4e1e4a6c7b

SHA512
a98442f69f82a9d97d032c40afdeca94f2a51d75196a436272c51d052987b160edba68bb1a9a88d0a4104c56bd9749e4fd5bbc723f00bf8238e2111ea2e4bad6

Download Submit
C:\Program Files\nomacs\bin\libcrypto-1_1-x64.dll

Filesize
832KB

MD5
60ef9ebc0fdef2deac99dc4fae9231e8

SHA1
89d87889c59f60981219564aa85157c98aa05d9e

SHA256
6adfd43ed2c800c0a34fab6eb0db5ddf922e095f209fc2c789ea25735269afa8

SHA512
6aa02355e6ca2eb7fd80647b879e426403d1b163211ca29f01f5caf726af46ab4299c44550f4bbc35cd186d90fee371b5ee3c0b2a6f7058b73e1d93dc69b8319

Download Submit
C:\Program Files\nomacs\bin\libde265.dll

Filesize
489KB

MD5
474eb8d12cad88dd179dd4445c8c438a

SHA1
561f77a9dbf00ac29ab575df7702f4d6a1623f73

SHA256
30f51d4b340cb5c6f9ebd046a5cdd81c1ca16f66e35a4b322440d5ba98269d4e

SHA512
336ef39eddf80a0eb400416fb96b87ff19143bbe968fc6a984f57a08944ec8587b82d91b00c1cc27c610b9835eb015c595b1649129bf3a843bf738b482edce4f

Download Submit
C:\Program Files\nomacs\bin\libssl-1_1-x64.dll

Filesize
614KB

MD5
4dfcd9c50c92bc21897e101942d9bdf6

SHA1
0f83733f1da7af8c58646db8dc9b4c0c2db12945

SHA256
2b402478980d22e0a8980bf71c2b06975c01ba467dcd1a474d30334c53835ef6

SHA512
e5e9024fd4fd6a17f4b756951db1c5295ecfeb6dd6211d63d71eb5ad56214d54b170b16949e42cfca17c27cd4b7ec3e83e32ca4fd80b170d41a52178a8619155

Download Submit
C:\Program Files\nomacs\bin\nomacs.exe

Filesize
456KB

MD5
3406d25b964193b6e4f50a015a43a2f8

SHA1
41a7173bb7a9d4033b3c04062f6d830f4a8960e5

SHA256
b16565d386c6838821f9ce1c12ff5c4a9649088a850ea35e068c0d1daa780612

SHA512
cd5aa3aa90ba1f9474ffea75293c6a540d4a3387f56e6171feeee6860a5f7463a766245ebf41f474b9a892076f25e516db1bea76bb184ca3f0dfe7ab91e435cf

Download Submit
C:\Program Files\nomacs\bin\nomacsCore.dll

Filesize
717KB

MD5
ea56b15e83529f0dcc68f182c00bb230

SHA1
54202a24e04f6ef7115c209d93c35071fd861c62

SHA256
11d7b996257af94ceda1e909532744ee98c2a5ec64f51b3835e60d0beb90294b

SHA512
bb4425da69e72309a00f0329ba7b6b5460c933080d0bf2e1927b3afd4b0cbf9fcbc23e7ec7122d8c09a6d291ff31081b68371176eb7621568c20e876cb2ecee6

Download Submit
C:\Program Files\nomacs\bin\opencv_core430.dll

Filesize
548KB

MD5
8c197dc64bd3cd577e3081f63583bc39

SHA1
6253bda1719be26f5854d20c6a18dc84357dae2a

SHA256
cb9e15d218093f9b650f0b0076b09a50166a53ecf6d04d682f3a9ba0c96d3a24

SHA512
d579214a8d1333d557ce2074f7f0dc2f2b08020c6621d30c86fff816f005c674757a6b20eb33ccd5563720d6ef402b579bc5aaad310f1ed05abad9b451e15de8

Download Submit
C:\Program Files\nomacs\bin\opencv_imgproc430.dll

Filesize
347KB

MD5
2701cc2a28c63cb5aae728e3c174c96f

SHA1
e3ccb5610b0bff9979212cccdff515f296152909

SHA256
0732804107da66f01a905b9d7cbbceafec2714479826e5e99b14dbdc1d85d481

SHA512
dc508f4ae862d3faf5abd4ed7e1ad7d32cfe747eee8837bcb0a7bab216e14738593e667baefdd67d6503bb549559934f41302fbd6a74ee8dffe08c2e55e8046d

Download Submit
C:\Program Files\nomacs\bin\platforms\qwindows.dll

Filesize
186KB

MD5
5384cab84dc1596c75d2b38fd5a16647

SHA1
cc749162150c9fdf94d02fd8e3ceb2fbbf88a884

SHA256
ba0233076d304e7b87d7b4a10c314da818f6defea22a3759faab87f4d312f067

SHA512
45c7371aa957912d8195032f3cd473aa2b8b102d193fd12fc4ac4f46dee91af868fa432817b37180292ca9f8c6af4032cc2e3f2e891fbe6f429a470263e1cd97

Download Submit
C:\Program Files\nomacs\bin\plugins\CompositePlugin.dll

Filesize
86KB

MD5
21959ea239a82333c2f0c92274031632

SHA1
1b8af7bb68ab7958be6751f3f7c94b10d3ca65cd

SHA256
d2a5b5a03d14a43dff348209b539649270df98097d42f44f90ae9b6ae6f10b03

SHA512
d6d027abe8c2397d43e7990117936c7691b512fde522f274b4df14f07f79356a754a15e319fcaed3b0f9d6a2ab9b5217c1f4bb8472e2895ba8d34b3ed2ffd3fe

Download Submit
C:\Program Files\nomacs\bin\plugins\affineTransformPlugin.dll

Filesize
133KB

MD5
04d63d2721d21af01409108541c7be2e

SHA1
85f1be3f35a1af0162287ca4a48327f4de996fba

SHA256
a0618bd1aff8abb216844dd4d23599caae2ef72591a5a10265565441d59c380d

SHA512
6ce4f7a36890ad34cc2ec1d0249b93379a76a2bd23e064549c5fc988d2b71d3d747aadbe78f1cef8c37071dc7ad5e3f1e216127e9512836554a0b32a323bbe2b

Download Submit
C:\Program Files\nomacs\bin\plugins\fakeMiniaturesPlugin.dll

Filesize
167KB

MD5
83c21e0def30f28e29dc5ed026ab97f4

SHA1
af59655eff8cfd3f96b5fe12118003a4c4759880

SHA256
e79c6fa7f0194adf0acf752c48f948fb9f73c5377840a6679404e8e2d5eecac4

SHA512
ec69e3c4bf46ca918e84411e64108ef6f9033fc30dcc4497b194a63875104506d9edc04eee0080d92c8c12ac466cbac2f0c8d1d00fb546d3a73f62827e36ac5e

Download Submit
C:\Program Files\nomacs\bin\plugins\pageExtractionPlugin.dll

Filesize
204KB

MD5
4e97328359e83c65ba90c8de625803c4

SHA1
461b800216cf2da00c0aab6f16df45b71810377f

SHA256
a0a421e7cee414dbd2d6ff10bfed3368acfbd6cf8735c7e862c347322f45b20b

SHA512
4a3bd645324e7f57e2ede69e180710647c412c406cc0db91fd0893bdae7f4ed5b633b51e8ba2dc2b9173edc8de0afc8566d0562b7e4375879598abc08ebc5966

Download Submit
C:\Program Files\nomacs\bin\plugins\paintPlugin.dll

Filesize
114KB

MD5
9cc054ea9b082a2d1ca23c44fd2383b2

SHA1
c3b8859ec83a356d021f0a111991e499874618a8

SHA256
43cea9d9225118bb4cf754e0a8b01568c55d6e7a2bf6aa2ae408c3e7c3210351

SHA512
0770620bf57c0d77d4d8fe591118ef62a374993d6dab374466d5fe4aa055944e56364efbc6ac89cdd595b769a3e18c33e0c5bad33db7d634cc63a4a41530a3d2

Download Submit
C:\Program Files\nomacs\bin\printsupport\windowsprintersupport.dll

Filesize
52KB

MD5
faa182cad73dd4841e09ff0fc3353516

SHA1
39d48e9e43e6ec2eff1158b6bb9016092b8fdf51

SHA256
8ceb1058ea094dcd52a19e25bb9ae6bc5b89971ed7e2568825c570e0fb7b3920

SHA512
6981d9e3fe3910ebd7732a5b85abe4d9bbbee75ee945d3f17678b58291fa68ed9ef4b0a696625072b4174ac9d70dec52a4db98e1327c62a27d0db76110bee2ac

Download Submit
C:\Program Files\nomacs\bin\quazip5.dll

Filesize
205KB

MD5
3c2ae8c33cd07e74373da6ebb04ac4ce

SHA1
3efd5bb49081f8009a14cd77f6f30fc1a212d0e3

SHA256
a853d9625f87d1a024e17d26072bd34143fd078bfee76194bd4d7f81e22c9448

SHA512
eb6b9850a42104f702e0a5332892d56daccad8a9d94afa0d334e11c5df085b615ee02d0eefe1cf62083b255e6179942321515df6e342259f676d194e2f5f8009

Download Submit
C:\Program Files\nomacs\bin\raw.dll

Filesize
1.0MB

MD5
c864ee09140117d67c7e9c0f0e33ea78

SHA1
c697b0ec757470e7c89f7b502170e005449e571d

SHA256
74b81645b5b1dfa5e6cc5d8255102be624e51fe2317fee043e346112e6ce873c

SHA512
8ae54df08b7eb299f6090f66e4dd50ce2e05642d6100853ed4725fab16682598ff98e4d6a153eefea477d2e834ea95eccadcf8e5abfa672613aed8c2cdf6cfc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\27B827AF4A1B7BAD968714145F1DB00D_87615E8E580C95E805190136427352A4

Filesize
471B

MD5
09dd69a8e4fd902534aa117bcdaa9df7

SHA1
d4a2ec5a8d8834362c70aceea16bc2bafc922799

SHA256
ab6d92eaad1f0ee4ed8cde2326018fce1e8026bed6fc60c97fbd9abe9a4aad46

SHA512
3f027e8c8d557395b2e81b4dc0eb25ac74aa25e0acb1dfd7a7b976da32517fed88ae50a15c3b6a157d44c8fd3a9e2b11ecdeb136c411234ae242d8ceed197772

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EE44ECA143B76F2B9F2A5AA75B5D1EC6_0C5B86F11E4CB868362FFA633F64E504

Filesize
471B

MD5
0688346b66f4e6d7b69752f22d945ca0

SHA1
85f99efeb41c0d6845717480705ab321ee8f3b3c

SHA256
e929b5649c20fc70c7a4bb6f4cd64c5b07454c47cde5f4a79594cc9482b0f831

SHA512
9021d296ee58c9eca50ac29414c31e2bc2f8af8abb0726c89f80230e7c9646a2cc927ab79b5bdb21f9ff5539764877930da72afdcbbb6428564923176ef88a1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\27B827AF4A1B7BAD968714145F1DB00D_87615E8E580C95E805190136427352A4

Filesize
404B

MD5
2806ff527649b9002e2362c081b1f19d

SHA1
86d4c43361d6749c58a9139e5099831b205ac875

SHA256
119198e6818f9f91d218c3b8f6c71333bbf3433e35db19ce698fd75638e69a93

SHA512
d993498cf1651ff41831309876a99ee1406a9167a5e7c9ad041c3fe1b50600b98d283ffb8c98bc91f7f4d2ac78ab0e45b004c40d68d1d71b2b19c676a0b790ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EE44ECA143B76F2B9F2A5AA75B5D1EC6_0C5B86F11E4CB868362FFA633F64E504

Filesize
400B

MD5
6f8ad38a81506199a5721bb5379a06b8

SHA1
d31fbc09a010a5ce34d47058649ab7f0205295fd

SHA256
1d2208567d51558d9e9644ce7cff6f08724672de5a9e5da1adeb4cb537582984

SHA512
62089b526526c07f577c83b59ff704e6e53cf393f1f0fe13495aa0f5151d4b5a74eddcad6cda4d29485c72de3a30b994151dd05240cb97ee4f1620533327ab5c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\nomacs\nomacs - Image Lounge.lnk

Filesize
892B

MD5
8057fe7ee02ad02ce29f32e9badbef68

SHA1
3cc37ad32bbfe7b6a5aa9fabac4a6718e87261fb

SHA256
db811e4f8617a06e69be3c583f495c379b00a90dcb430f4a30b4ec71739a597d

SHA512
d88d939122f4c43e298fc181af9b0ed9ac2c376e509ef29a109e80966e3161c9d8a9c38af03333ba05bf39b3d8876fb7ad0298e905153e4919041618f3ab3045

Download Submit
C:\Users\Admin\AppData\Roaming\nomacs\Image Lounge\settings.ini

Filesize
690B

MD5
78f82575218df2dae95f9b1eb6088e18

SHA1
1c0dd200b77daae61b34e886f6cda39374b59408

SHA256
93e83dd090a926e69acd911080cd8fa1597f31ac11d300ba70bb134ce4312c9a

SHA512
18b3ea4a55d1600a3e3ca14964ef7be2087e392078e13a762dd81d7178fe85ae3d972b002dbc1e4f1f06f01c00d5da42bd39ea779bdf624b2553d8d1bc6a6f7f

Download Submit
C:\Users\Admin\AppData\Roaming\nomacs\Image Lounge\settings.ini

Filesize
356B

MD5
87e94175986e83e9412d6a9c257f53b1

SHA1
694f32ce06c467d6f6e5b8c1fcff4ca23f5c3860

SHA256
1f0c30d7ef7eaba7431d4fa627ef82f6328ebae26843b2e7a29d9eac0e7ebf68

SHA512
7c8210024577a11d2e04d63a02a004872cf9014dacb781fa2efd00fa2ae9af07039eaa41d2d8ed1c5aec71471fbd4a47cdb3f8817afce98d610c9e3ed1961209

Download Submit
C:\Users\Admin\AppData\Roaming\nomacs\Image Lounge\settings.ini.lock

Filesize
59B

MD5
04746c43c55b84dcf1bb8b7fd2dcfda9

SHA1
c02a238c1cb371ef72d7324ef27ed96665ae6437

SHA256
28255293f8e7aecb8dba89759129f778bb69b8f50b47b97d7642d82f9e38faf6

SHA512
2accb7053d0178d04787f96cbb6fffe57b6d60dd25c72af74539007b4a1f781210f2e338635073d64650b68750e0adb34adf85ff6fdb3bacc64325e295ec418a

Download Submit
C:\Windows\Installer\e577add.msi

Filesize
3.2MB

MD5
d85c988d88f43f10f07dc88cc635192a

SHA1
a87267066a2f526d9df1373e9a2e5c2db87fe3e2

SHA256
ed1c8059b579d98b7cb717565b21029b9c216609c5b4d284650f690ddf0312cc

SHA512
572cb4c54e3af5f941ec710a58ee77ad607dd239ddcd5f933360e4c26988293a713e5cea5c41b2ed6aa366d16634b4cac880e1212146a7c3b2f189ef96391150

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
23.7MB

MD5
87609a1bd786c97fdfcfc8c690043cf5

SHA1
cebb2387af92b502517060090cb39103a7db33df

SHA256
a06af1e7d145c12ae8b0d3ee1d31bdcc144a55b042658c938c2f7b9faf7cb088

SHA512
c62114eb89cad9577ef2fabdcb3f516e9bf4df4a48e4689086d42abe5378c8ae975ab8b21d9daa2af836e8e105ebe29dffc0df7120381bbffbd6ae4e38645223

Download Submit
\??\Volume{78362842-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{1acd3a09-8954-4218-96c1-9e06e72706d8}_OnDiskSnapshotProp

Filesize
6KB

MD5
58623458b41391fcadd9bf7f927f2705

SHA1
a8ae60a4dc6df0adfa5d13119b5d19589a0a2a0a

SHA256
31efdb25cb447780e10d3ef4f6b061ebfe01549beb5a114a7f2ba78277e4e9a4

SHA512
d60aac4c181596c2bf9a6ca4b64127af8c7edaaf7c49ce6add9834a66a911827da17f6883a899aeb05a35bdf45e42b8c1325519fb9a8de51f5ea9048adf91684

Download Submit
memory/3736-189-0x000001BFC18F0000-0x000001BFC1900000-memory.dmp

Filesize
64KB

Download
memory/3736-187-0x00007FFA87A80000-0x00007FFA87FD5000-memory.dmp

Filesize
5.3MB

Download
memory/3736-221-0x000001BFC18F0000-0x000001BFC1900000-memory.dmp

Filesize
64KB

Download
memory/3736-188-0x00007FFA87520000-0x00007FFA87A7B000-memory.dmp

Filesize
5.4MB

Download
memory/5484-222-0x00007FFA87A80000-0x00007FFA87FD5000-memory.dmp

Filesize
5.3MB

Download
memory/5484-223-0x00007FFA87520000-0x00007FFA87A7B000-memory.dmp

Filesize
5.4MB

Download
memory/5484-224-0x0000016670440000-0x0000016670450000-memory.dmp

Filesize
64KB

Download