Analysis

  • max time kernel
    110s
  • max time network
    102s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-03-2024 15:02

General

  • Target

    DAMsetup.exe

  • Size

    2.8MB

  • MD5

    c4f6847c160205eaaba5af06dc3d5873

  • SHA1

    74c1c9a22e85305cb21ff22e68800f96daaa8464

  • SHA256

    5443b1c3aa80091b7e0d86681892e0871a7f1954dfa5cfd33318bc597116dd52

  • SHA512

    997687ab9f5b1507690ffb6d474d7f3cb81d4204e5e7face86c5d1fb54030d8c7c53ad16e533650b5a88abbdf6ab84e58dd8b7d3adb6d049aa244d08d1a950bc

  • SSDEEP

    49152:YKVrCbIS6kXtqMsSOqzw9iDxivzrp/SLyB+Lgyl8WLpqIDXssjromawYuwD:YKVry6ItqqkUVivXpGLLVpq3sPomy

Malware Config

Signatures

  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 23 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Registers COM server for autorun 1 TTPs 24 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 63 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DAMsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\DAMsetup.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Users\Admin\AppData\Local\Temp\setupc.exe
      C:\Users\Admin\AppData\Local\Temp\setupc.exe DownloadAcceleratorManager MediaGrabber damfhp damhlpr firefox chrome iexplore
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2424
    • C:\Program Files\Tensons\Download Accelerator Manager\DownloadAcceleratorManager.exe
      "C:\Program Files\Tensons\Download Accelerator Manager\DownloadAcceleratorManager.exe" /ia C:\Program Files\Tensons\Download Accelerator Manager
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      PID:1252
      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe" /s /codebase "C:\Program Files\Tensons\Download Accelerator Manager\DamLinkHandler.dll"
        3⤵
        • Registers COM server for autorun
        • Modifies registry class
        PID:700
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" /s /codebase "C:\Program Files\Tensons\Download Accelerator Manager\DamLinkHandler.dll"
        3⤵
        • Loads dropped DLL
        • Modifies registry class
        PID:980
      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" /delete dam
        3⤵
        • Drops file in Windows directory
        PID:2976
      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" /delete DownloadAcceleratorManager
        3⤵
        • Drops file in Windows directory
        PID:664
      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" /nologo /silent "C:\Program Files\Tensons\Download Accelerator Manager\DownloadAcceleratorManager.exe"
        3⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:1244
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 104 -InterruptEvent 0 -NGENProcess f4 -Pipe 100 -Comment "NGen Worker Process"
          4⤵
          PID:2932
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 160 -InterruptEvent 0 -NGENProcess f4 -Pipe 164 -Comment "NGen Worker Process"
          4⤵
          • Loads dropped DLL
          • Drops file in Windows directory
          PID:572
      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe" /register /codebase /silent "C:\Program Files\Tensons\Download Accelerator Manager\\DamBho.dll"
        3⤵
        • Registers COM server for autorun
        • Installs/modifies Browser Helper Object
        • Modifies registry class
        PID:2032
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" /register /codebase /silent "C:\Program Files\Tensons\Download Accelerator Manager\\DamBho.dll"
        3⤵
        • Loads dropped DLL
        • Installs/modifies Browser Helper Object
        • Modifies registry class
        PID:2588
    • C:\Program Files\Tensons\Download Accelerator Manager\DownloadAcceleratorManager.exe
      "C:\Program Files\Tensons\Download Accelerator Manager\DownloadAcceleratorManager.exe" /iu C:\Program Files\Tensons\Download Accelerator Manager
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      PID:2624
    • C:\Program Files\Tensons\Download Accelerator Manager\DownloadAcceleratorManager.exe
      "C:\Program Files\Tensons\Download Accelerator Manager\DownloadAcceleratorManager.exe" /iu C:\Program Files\Tensons\Download Accelerator Manager
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      PID:1012
    • C:\Program Files\Tensons\Download Accelerator Manager\DownloadAcceleratorManager.exe
      "C:\Program Files\Tensons\Download Accelerator Manager\DownloadAcceleratorManager.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1792
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://install.tensons.com/?pid=003&v=5.6.0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:888
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:888 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1796

Network

MITRE ATT&CK Enterprise v15

Downloads

