51f152320b13eeb19538420087a5221e704f03acf7aebcb96751a51d762c8e5d

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 09:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PerfectCam_2.3.7124.0_Subscription_PFC231124-01.exe
Size

137.5MB
MD5

b33c62af31c864aa581919f2642e0ea9
SHA1

4c6bc5b7d1dca7c7ea0fe9faf1e9a3786095f66a
SHA256

51f152320b13eeb19538420087a5221e704f03acf7aebcb96751a51d762c8e5d
SHA512

90dc666a929b1ea192139216839af26d2f35795b4035c0088396f805620a3e0685cbdf157fec381ebec1611ff9f6ca0463a92a87faea63068ddc8926cf7e4cde
SSDEEP

3145728:+KAqbDYtCIq/Uiez1yHPO+eLEYvnLBHPVFee7tsZaIRNrBAgjtWaZsdkGpsF6nZ2:B9U0//exyre/NFee7tsZaIrif9d/sFU2

Score

8^/10

discovery persistence spyware stealer

Malware Config

Signatures

Drops file in Drivers directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\DRIVERS\SET4579.tmp	DrvInst.exe
File created	C:\Windows\system32\DRIVERS\SET4579.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\DRIVERS\clwvdPFC.sys	DrvInst.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PerfectCam Service = "\"C:\\Program Files\\CyberLink\\PerfectCam\\PerfectCamService.exe\" /s"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PerfectCam = "\"C:\\Program Files\\CyberLink\\PerfectCam\\PerfectCam.exe\" /prelaunch"	setup.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini	setup.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	setup.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Control Panel\International\Geo\Nation	setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Control Panel\International\Geo\Nation	PerfectCam.exe

Drops file in System32 directory 21 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4e10b884-f943-2894-922a-ca5a2043f31e}\SET43B5.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{4e10b884-f943-2894-922a-ca5a2043f31e}\SET43B5.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{4e10b884-f943-2894-922a-ca5a2043f31e}\SET43B6.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4e10b884-f943-2894-922a-ca5a2043f31e}\clwvdPFC.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4e10b884-f943-2894-922a-ca5a2043f31e}	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	CLDrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infpub.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4e10b884-f943-2894-922a-ca5a2043f31e}\SET43B4.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4e10b884-f943-2894-922a-ca5a2043f31e}\SET43B6.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infpub.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4e10b884-f943-2894-922a-ca5a2043f31e}\clwvdpfc.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstrng.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infpub.dat	CLDrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstrng.dat	CLDrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{4e10b884-f943-2894-922a-ca5a2043f31e}\SET43B4.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstor.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\clwvdpfc.inf_amd64_neutral_c210fa0350008388\clwvdpfc.PNF	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\clwvdpfc.inf_amd64_neutral_c210fa0350008388\clwvdpfc.PNF	DrvInst.exe
File created	C:\Windows\System32\DriverStore\INFCACHE.0	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstrng.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4e10b884-f943-2894-922a-ca5a2043f31e}\clwvdPFC.cat	DrvInst.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\libraryPage\button\btn_photo_g.png	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\libraryPage\thumbnail\btn_check_n.png	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\GDPRDlg\Skin\product_icon.png	7z.exe
File created	C:\Program Files\CyberLink\PerfectCam\subsys\BigBang\Runtime\CLUpdater\Skin\200\checkbox-P.png	7z.exe
File created	C:\Program Files\CyberLink\PerfectCam\UI\Webcam\CtrlPool\KWidgets\KStackPanel.kc	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\UI\Webcam\Palatte\EnableCanvas.kc	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Layout\kxmlpad.bkml	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\file_sharing\btn_pen_n.png	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Driver\Win8.1\x64\CLDrvInst.exe	setup.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\IM_main\bg.png	7z.exe
File created	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\IM_main\btn\top_btn_L_p.png	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\seekbar\btn_seek_n.png	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\PerfectCam Presets\Makeup\eyeshadow\eyeshadow_2016_Valentine_04_c.png	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Driver\Win8.1\x86\clwvdpfc.cat	setup.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Common\Media\scrollbar\btn_vscroll_thumb_h.png	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Common\Media\scrollbar\btn_vscroll_thumb_n.png	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Common\Media\slider\thumb_h.png	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\seekbar\seek_btn_p.png	7z.exe
File created	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\top\btn_dz_n.png	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\PerfectCam Presets\Makeup\blush\03_r.png	7z.exe
File created	C:\Program Files\CyberLink\PerfectCam\PerfectCam Presets\Makeup\eyeline\thumb\patten_eyeline_01_03.png	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Template\BackgroundFilter\Study room.jpg	7z.exe
File created	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\Palatte\eyeshadow_color_mask.png	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\playback\line.jpg	7z.exe
File created	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\AssistantDialog\icon_Eyeliner.png	7z.exe
File created	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\STD_main\splash\PFC2_splash_FK_00051.jpg	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\subsys\Device\DllPath.ini	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Boomerang\Language\Sve\BoomerangRC.dll	7z.exe
File created	C:\Program Files\CyberLink\Shared files\language\fin\EffectExtractor.dll	setup.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Driver\Win8.1\	setup.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Layout\Editing\EditingWindow_style.bkml	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\AssistantDialog\ColorPalette_none.png	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\IM_main\bg_tab.png	7z.exe
File created	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\libraryPage\thumbnail\btn_unCheck_d.png	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\MUITransfer\ja-JP\Resource.dll.mui	7z.exe
File created	C:\Program Files\CyberLink\PerfectCam\PerfectCam Presets\Makeup\eyelash\eyelash_161003_horoscope_Scorpio_b.png	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Common\Media\button\subtab_hr_h.png	7z.exe
File created	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\Editing\Button\playbackVideoPlay\pic_n.png	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\subsys\BigBang\Runtime\CLUpdater\Skin\150\btn_H.png	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\UI\CtrlPool\pathtext.kc	7z.exe
File created	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Common\Media\checkbox\23x23\btn_uncheck_h.png	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\PerfectCam Presets\Makeup\eyeshadow\eyeshadow_160318_Prom_01_01.png	7z.exe
File created	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\file_sharing\btn_pen_clear_arrow_s.png	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\file_sharing\btn_pen_clear_bgL_d.png	7z.exe
File created	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\STD_main\btn_stop_rec_n.png	7z.exe
File created	C:\Program Files\CyberLink\PerfectCam\UI\CtrlPool\seekbar.kc	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\UI\Webcam\SetupCameraDlg\SetupPage.kc	7z.exe
File created	C:\Program Files\CyberLink\PerfectCam\Custom\Setting\FreeLicense.txt	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Layout\YouTube\LinkYoutubeGoogleDlg.bkml	7z.exe
File created	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\progress\WaitingCursor\Large\scan_12.png	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\quickmenu\option_window_arrow_p.png	7z.exe
File created	C:\Program Files\CyberLink\PerfectCam\OLRSubmission\REGrt_CHT.dll	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Trial\TrialRes_Enu.dll	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\subsys\PyWinProcWin7	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Common\Media\button\modeCapture\pic_p.png	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Common\Media\combobox\scroll_bar_down_p.png	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\IM_main\Capture\top_ico_close_d.png	7z.exe
File created	C:\Program Files\CyberLink\PerfectCam\Custom\Lang\ESP\IM.dll	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\subsys\BigBang\Runtime\CLUpdater\Language\ITA	7z.exe
File opened for modification	C:\Program Files\CyberLink\PerfectCam\BackgroundFilter\CPU\interp.cl	7z.exe
File created	C:\Program Files\CyberLink\PerfectCam\UI\Webcam\Launcher\__init__.kc	7z.exe
File created	C:\Program Files\CyberLink\PerfectCam\subsys\YouCam\MPEG\CLVidEnc.ax	7z.exe
File created	C:\Program Files\CyberLink\PerfectCam\System\PyImageCodec.kc	7z.exe
File created	C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\playback\Name_logo_16x9.png	7z.exe

Drops file in Windows directory 13 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\KSCAPTUR.PNF	DrvInst.exe
File opened for modification	C:\Windows\INF\oem2.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File created	C:\Windows\INF\oem2.PNF	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev2	DrvInst.exe
File opened for modification	C:\Windows\setupact.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.app.log	CLDrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	CLDrvInst.exe
File created	C:\Windows\INF\oem2.inf	DrvInst.exe
File opened for modification	C:\Windows\setuperr.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe

Executes dropped EXE 9 IoCs

pid	Process
3024	setup.exe
2984	7z.exe
1748	7z.exe
1348	7z.exe
2552	CLDrvInst.exe
1244	PerfectCamService.exe
2592	TaskScheduler.exe
2468	PerfectCam.exe
1056	OLRStateCheck.exe

Loads dropped DLL 64 IoCs

pid	Process
2200	PerfectCam_2.3.7124.0_Subscription_PFC231124-01.exe
2200	PerfectCam_2.3.7124.0_Subscription_PFC231124-01.exe
2200	PerfectCam_2.3.7124.0_Subscription_PFC231124-01.exe
2200	PerfectCam_2.3.7124.0_Subscription_PFC231124-01.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
2984	7z.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
1748	7z.exe
3024	setup.exe
1348	7z.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe

Registers COM server for autorun 1 TTPs 18 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96462-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ThreadingModel = "Both"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE41-6C63-11cf-8A03-00AA006ECB65}\InprocServer32\ = "kstvtune.ax"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96460-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ThreadingModel = "Both"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96463-78F3-11d0-A18C-00A0C9118956}\InprocServer32	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96463-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ = "ksxbar.ax"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96462-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ = "ksxbar.ax"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE40-6C63-11cf-8A03-00AA006ECB65}\InprocServer32	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE40-6C63-11cf-8A03-00AA006ECB65}\InprocServer32\ThreadingModel = "Both"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE41-6C63-11cf-8A03-00AA006ECB65}\InprocServer32\ThreadingModel = "Both"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96460-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ = "ksxbar.ax"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96461-78F3-11d0-A18C-00A0C9118956}\InprocServer32	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96461-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ = "ksxbar.ax"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96462-78F3-11d0-A18C-00A0C9118956}\InprocServer32	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE40-6C63-11cf-8A03-00AA006ECB65}\InprocServer32\ = "kstvtune.ax"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE41-6C63-11cf-8A03-00AA006ECB65}\InprocServer32	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96460-78F3-11d0-A18C-00A0C9118956}\InprocServer32	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96461-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ThreadingModel = "Both"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96463-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ThreadingModel = "Both"	DrvInst.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\PerfectCam2.0mklkfile\shell\Open	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\PerfectCam2.0mklkfile\shell\Open\command	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DA4E3DA0-D07D-11d0-BD50-00A0C911CE86}\Instance\{a799a802-a46d-11d0-a18c-00a02401dcd4}\FriendlyName = "WDM Streaming TV Audio Devices"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96460-78F3-11d0-A18C-00A0C9118956}\InprocServer32	DrvInst.exe
Key created	\REGISTRY\MACHINE\Software\Classes\PerfectCam2.0mklkfile	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{da4e3da0-d07d-11d0-bd50-00a0c911ce86}\Instance\{A799A801-A46D-11d0-A18C-00A02401DCD4}	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96461-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ = "ksxbar.ax"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PerfectCam2.0mklkfile\shell\Open\command\ = "\"C:\\Program Files (x86)\\CyberLink\\Shared files\\EffectExtractor.exe\" \"%1\""	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DA4E3DA0-D07D-11d0-BD50-00A0C911CE86}\Instance\{a799a800-a46d-11d0-a18c-00a02401dcd4}\CLSID = "{A799A800-A46D-11d0-A18C-00A02401DCD4}"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96462-78F3-11d0-A18C-00A0C9118956}\InprocServer32	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{da4e3da0-d07d-11d0-bd50-00a0c911ce86}\Instance\{A799A802-A46D-11d0-A18C-00A02401DCD4}	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96463-78F3-11d0-A18C-00A0C9118956}\ = "TV Audio Property Page"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AB454181-DF07-47DF-9C31-C577A3E0B5CC}\version = "2.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DA4E3DA0-D07D-11d0-BD50-00A0C911CE86}\Instance\{7A5DE1D3-01A1-452C-B481-4FA2B96271E8}\CLSID = "{7A5DE1D3-01A1-452C-B481-4FA2B96271E8}"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE40-6C63-11cf-8A03-00AA006ECB65}\InprocServer32	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96460-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ThreadingModel = "Both"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96462-78F3-11d0-A18C-00A0C9118956}\ = "WDM TV Audio"	DrvInst.exe
Key created	\REGISTRY\MACHINE\Software\Classes\PerfectCam2.0mklkfile\shell	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\PerfectCam2.0mklkfile\DefaultIcon	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AB454181-DF07-47DF-9C31-C577A3E0B5CC}\Live = 01000000	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AB454181-DF07-47DF-9C31-C577A3E0B5CC}\Install Date = e807040002001000090011001e002f03	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DA4E3DA0-D07D-11d0-BD50-00A0C911CE86}\Instance\{a799a800-a46d-11d0-a18c-00a02401dcd4}\FriendlyName = "WDM Streaming TV Tuner Devices"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DA4E3DA0-D07D-11d0-BD50-00A0C911CE86}\Instance\{7A5DE1D3-01A1-452C-B481-4FA2B96271E8}\FriendlyName = "WDM Streaming Multiplexer Devices"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE40-6C63-11cf-8A03-00AA006ECB65}\ = "WDM TV Tuner"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE41-6C63-11cf-8A03-00AA006ECB65}	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE41-6C63-11cf-8A03-00AA006ECB65}\InprocServer32\ = "kstvtune.ax"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96461-78F3-11d0-A18C-00A0C9118956}\ = "Analog Crossbar Property Page"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DA4E3DA0-D07D-11d0-BD50-00A0C911CE86}\Instance\{a799a801-a46d-11d0-a18c-00a02401dcd4}\FriendlyName = "WDM Streaming Crossbar Devices"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE40-6C63-11cf-8A03-00AA006ECB65}\InprocServer32\ = "kstvtune.ax"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96462-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ = "ksxbar.ax"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PerfectCam2.0mklkfile\shell\Open\ = "@C:\\Program Files\\CyberLink\\PerfectCam\\MUITransfer\\Resource.dll,-109"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE40-6C63-11cf-8A03-00AA006ECB65}\InprocServer32\ThreadingModel = "Both"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE41-6C63-11cf-8A03-00AA006ECB65}\ = "TV Tuner Property Page"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96461-78F3-11d0-A18C-00A0C9118956}\InprocServer32	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96463-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ThreadingModel = "Both"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PerfectCam2.0mklkfile\shell\ = "Open"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DA4E3DA0-D07D-11d0-BD50-00A0C911CE86}\Instance\{19689BF6-C384-48FD-AD51-90E58C79F70B}\CLSID = "{19689BF6-C384-48FD-AD51-90E58C79F70B}"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96460-78F3-11d0-A18C-00A0C9118956}\ = "%Filter_XBar%"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{da4e3da0-d07d-11d0-bd50-00a0c911ce86}\Instance\{A799A800-A46D-11d0-A18C-00A02401DCD4}	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{da4e3da0-d07d-11d0-bd50-00a0c911ce86}\Instance\{7A5DE1D3-01A1-452C-B481-4FA2B96271E8}	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96460-78F3-11d0-A18C-00A0C9118956}	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PerfectCam2.0mklkfile\DefaultIcon\ = "C:\\Program Files (x86)\\CyberLink\\Shared files\\EffectExtractor.exe,7"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{da4e3da0-d07d-11d0-bd50-00a0c911ce86}\Instance\{19689BF6-C384-48FD-AD51-90E58C79F70B}	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DA4E3DA0-D07D-11d0-BD50-00A0C911CE86}\Instance\{19689BF6-C384-48FD-AD51-90E58C79F70B}\FriendlyName = "WDM Streaming Encoder Devices"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96461-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ThreadingModel = "Both"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96462-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ThreadingModel = "Both"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mklk\ = "PerfectCam2.0mklkfile"	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AB454181-DF07-47DF-9C31-C577A3E0B5CC}\Trial = 00000000000000000000000000000000	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AB454181-DF07-47DF-9C31-C577A3E0B5CC}\Spend = 00000000000000000000000000000000	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DA4E3DA0-D07D-11d0-BD50-00A0C911CE86}\Instance\{a799a801-a46d-11d0-a18c-00a02401dcd4}\CLSID = "{A799A801-A46D-11d0-A18C-00A02401DCD4}"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE41-6C63-11cf-8A03-00AA006ECB65}\InprocServer32\ThreadingModel = "Both"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96463-78F3-11d0-A18C-00A0C9118956}	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96463-78F3-11d0-A18C-00A0C9118956}\InprocServer32	DrvInst.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.mklk	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PerfectCam2.0mklkfile\ = "mklk File"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9C2A113C9F8AA80438683B11388357C4\PackageCode = "3E0E8C4F9D07F8A4B9348B556F03A326"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{AB454181-DF07-47DF-9C31-C577A3E0B5CC}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96460-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ = "ksxbar.ax"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96462-78F3-11d0-A18C-00A0C9118956}	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96463-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ = "ksxbar.ax"	DrvInst.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Products\9C2A113C9F8AA80438683B11388357C4	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DA4E3DA0-D07D-11d0-BD50-00A0C911CE86}\Instance\{a799a802-a46d-11d0-a18c-00a02401dcd4}\CLSID = "{A799A802-A46D-11d0-A18C-00A02401DCD4}"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE40-6C63-11cf-8A03-00AA006ECB65}	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE41-6C63-11cf-8A03-00AA006ECB65}\InprocServer32	DrvInst.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	setup.exe

Runs .reg file with regedit 1 IoCs

pid	Process
2212	Regedit.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3024	setup.exe
3024	setup.exe
3024	setup.exe
3024	setup.exe
240	powershell.exe
2292	powershell.exe
432	powershell.exe
1052	powershell.exe
2880	powershell.exe
3008	powershell.exe
2536	powershell.exe
2432	powershell.exe
2456	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	2984	7z.exe
Token: 35	2984	7z.exe
Token: SeSecurityPrivilege	2984	7z.exe
Token: SeSecurityPrivilege	2984	7z.exe
Token: SeRestorePrivilege	1748	7z.exe
Token: 35	1748	7z.exe
Token: SeSecurityPrivilege	1748	7z.exe
Token: SeSecurityPrivilege	1748	7z.exe
Token: SeRestorePrivilege	1348	7z.exe
Token: 35	1348	7z.exe
Token: SeSecurityPrivilege	1348	7z.exe
Token: SeSecurityPrivilege	1348	7z.exe
Token: SeDebugPrivilege	240	powershell.exe
Token: SeDebugPrivilege	2292	powershell.exe
Token: SeDebugPrivilege	432	powershell.exe
Token: SeDebugPrivilege	1052	powershell.exe
Token: SeDebugPrivilege	2880	powershell.exe
Token: SeDebugPrivilege	3008	powershell.exe
Token: SeDebugPrivilege	2536	powershell.exe
Token: SeDebugPrivilege	2432	powershell.exe
Token: SeDebugPrivilege	2456	powershell.exe
Token: SeRestorePrivilege	2552	CLDrvInst.exe
Token: SeRestorePrivilege	2552	CLDrvInst.exe
Token: SeRestorePrivilege	2552	CLDrvInst.exe
Token: SeRestorePrivilege	2552	CLDrvInst.exe
Token: SeRestorePrivilege	2552	CLDrvInst.exe
Token: SeRestorePrivilege	2552	CLDrvInst.exe
Token: SeRestorePrivilege	2552	CLDrvInst.exe
Token: SeRestorePrivilege	2552	CLDrvInst.exe
Token: SeRestorePrivilege	2552	CLDrvInst.exe
Token: SeRestorePrivilege	2552	CLDrvInst.exe
Token: SeRestorePrivilege	2552	CLDrvInst.exe
Token: SeRestorePrivilege	2552	CLDrvInst.exe
Token: SeRestorePrivilege	2552	CLDrvInst.exe
Token: SeRestorePrivilege	2552	CLDrvInst.exe
Token: SeRestorePrivilege	572	DrvInst.exe
Token: SeRestorePrivilege	572	DrvInst.exe
Token: SeRestorePrivilege	572	DrvInst.exe
Token: SeRestorePrivilege	572	DrvInst.exe
Token: SeRestorePrivilege	572	DrvInst.exe
Token: SeRestorePrivilege	572	DrvInst.exe
Token: SeRestorePrivilege	572	DrvInst.exe
Token: SeRestorePrivilege	572	DrvInst.exe
Token: SeRestorePrivilege	572	DrvInst.exe
Token: SeRestorePrivilege	572	DrvInst.exe
Token: SeRestorePrivilege	572	DrvInst.exe
Token: SeRestorePrivilege	572	DrvInst.exe
Token: SeRestorePrivilege	572	DrvInst.exe
Token: SeRestorePrivilege	572	DrvInst.exe
Token: SeRestorePrivilege	2552	CLDrvInst.exe
Token: SeLoadDriverPrivilege	2552	CLDrvInst.exe
Token: SeRestorePrivilege	2508	DrvInst.exe
Token: SeRestorePrivilege	2508	DrvInst.exe
Token: SeRestorePrivilege	2508	DrvInst.exe
Token: SeRestorePrivilege	2508	DrvInst.exe
Token: SeRestorePrivilege	2508	DrvInst.exe
Token: SeRestorePrivilege	2508	DrvInst.exe
Token: SeRestorePrivilege	2508	DrvInst.exe
Token: SeRestorePrivilege	2508	DrvInst.exe
Token: SeLoadDriverPrivilege	2508	DrvInst.exe
Token: SeLoadDriverPrivilege	2508	DrvInst.exe
Token: SeLoadDriverPrivilege	2508	DrvInst.exe
Token: SeLoadDriverPrivilege	2508	DrvInst.exe
Token: SeLoadDriverPrivilege	2508	DrvInst.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1244	PerfectCamService.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1244	PerfectCamService.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1244	PerfectCamService.exe
1244	PerfectCamService.exe
1244	PerfectCamService.exe
2468	PerfectCam.exe
2468	PerfectCam.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 3024	2200	PerfectCam_2.3.7124.0_Subscription_PFC231124-01.exe	28
PID 2200 wrote to memory of 3024	2200	PerfectCam_2.3.7124.0_Subscription_PFC231124-01.exe	28
PID 2200 wrote to memory of 3024	2200	PerfectCam_2.3.7124.0_Subscription_PFC231124-01.exe	28
PID 2200 wrote to memory of 3024	2200	PerfectCam_2.3.7124.0_Subscription_PFC231124-01.exe	28
PID 2200 wrote to memory of 3024	2200	PerfectCam_2.3.7124.0_Subscription_PFC231124-01.exe	28
PID 2200 wrote to memory of 3024	2200	PerfectCam_2.3.7124.0_Subscription_PFC231124-01.exe	28
PID 2200 wrote to memory of 3024	2200	PerfectCam_2.3.7124.0_Subscription_PFC231124-01.exe	28
PID 3024 wrote to memory of 2984	3024	setup.exe	30
PID 3024 wrote to memory of 2984	3024	setup.exe	30
PID 3024 wrote to memory of 2984	3024	setup.exe	30
PID 3024 wrote to memory of 2984	3024	setup.exe	30
PID 3024 wrote to memory of 2984	3024	setup.exe	30
PID 3024 wrote to memory of 2984	3024	setup.exe	30
PID 3024 wrote to memory of 2984	3024	setup.exe	30
PID 3024 wrote to memory of 1748	3024	setup.exe	33
PID 3024 wrote to memory of 1748	3024	setup.exe	33
PID 3024 wrote to memory of 1748	3024	setup.exe	33
PID 3024 wrote to memory of 1748	3024	setup.exe	33
PID 3024 wrote to memory of 1748	3024	setup.exe	33
PID 3024 wrote to memory of 1748	3024	setup.exe	33
PID 3024 wrote to memory of 1748	3024	setup.exe	33
PID 3024 wrote to memory of 1348	3024	setup.exe	38
PID 3024 wrote to memory of 1348	3024	setup.exe	38
PID 3024 wrote to memory of 1348	3024	setup.exe	38
PID 3024 wrote to memory of 1348	3024	setup.exe	38
PID 3024 wrote to memory of 1348	3024	setup.exe	38
PID 3024 wrote to memory of 1348	3024	setup.exe	38
PID 3024 wrote to memory of 1348	3024	setup.exe	38
PID 3024 wrote to memory of 240	3024	setup.exe	40
PID 3024 wrote to memory of 240	3024	setup.exe	40
PID 3024 wrote to memory of 240	3024	setup.exe	40
PID 3024 wrote to memory of 240	3024	setup.exe	40
PID 3024 wrote to memory of 240	3024	setup.exe	40
PID 3024 wrote to memory of 240	3024	setup.exe	40
PID 3024 wrote to memory of 240	3024	setup.exe	40
PID 3024 wrote to memory of 2292	3024	setup.exe	42
PID 3024 wrote to memory of 2292	3024	setup.exe	42
PID 3024 wrote to memory of 2292	3024	setup.exe	42
PID 3024 wrote to memory of 2292	3024	setup.exe	42
PID 3024 wrote to memory of 2292	3024	setup.exe	42
PID 3024 wrote to memory of 2292	3024	setup.exe	42
PID 3024 wrote to memory of 2292	3024	setup.exe	42
PID 3024 wrote to memory of 432	3024	setup.exe	44
PID 3024 wrote to memory of 432	3024	setup.exe	44
PID 3024 wrote to memory of 432	3024	setup.exe	44
PID 3024 wrote to memory of 432	3024	setup.exe	44
PID 3024 wrote to memory of 432	3024	setup.exe	44
PID 3024 wrote to memory of 432	3024	setup.exe	44
PID 3024 wrote to memory of 432	3024	setup.exe	44
PID 3024 wrote to memory of 1052	3024	setup.exe	46
PID 3024 wrote to memory of 1052	3024	setup.exe	46
PID 3024 wrote to memory of 1052	3024	setup.exe	46
PID 3024 wrote to memory of 1052	3024	setup.exe	46
PID 3024 wrote to memory of 1052	3024	setup.exe	46
PID 3024 wrote to memory of 1052	3024	setup.exe	46
PID 3024 wrote to memory of 1052	3024	setup.exe	46
PID 3024 wrote to memory of 2880	3024	setup.exe	48
PID 3024 wrote to memory of 2880	3024	setup.exe	48
PID 3024 wrote to memory of 2880	3024	setup.exe	48
PID 3024 wrote to memory of 2880	3024	setup.exe	48
PID 3024 wrote to memory of 2880	3024	setup.exe	48
PID 3024 wrote to memory of 2880	3024	setup.exe	48
PID 3024 wrote to memory of 2880	3024	setup.exe	48
PID 3024 wrote to memory of 3008	3024	setup.exe	50

C:\Users\Admin\AppData\Local\Temp\PerfectCam_2.3.7124.0_Subscription_PFC231124-01.exe
"C:\Users\Admin\AppData\Local\Temp\PerfectCam_2.3.7124.0_Subscription_PFC231124-01.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\setup.exe"
  2⤵
  - Adds Run key to start application
  - Drops desktop.ini file(s)
  - Checks computer location settings
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3024
- - C:\Users\Admin\AppData\Local\Temp\RarSFX0\7z.exe
    "C:\Users\Admin\AppData\Local\Temp\RarSFX0\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\RarSFX0\SupportFiles.7z" -o"C:\ProgramData\SUPPORTDIR\20240416_91641_3024" -aoa
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:2984
- - C:\Users\Admin\AppData\Local\Temp\RarSFX0\7z.exe
    "C:\Users\Admin\AppData\Local\Temp\RarSFX0\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Data1.7z" -o"C:\Program Files\CyberLink\PerfectCam" -aoa
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:1748
- - C:\Users\Admin\AppData\Local\Temp\RarSFX0\7z.exe
    "C:\Users\Admin\AppData\Local\Temp\RarSFX0\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Data2.7z" -o"C:\Program Files\CyberLink\PerfectCam" -aoa
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:1348
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\Admin\AppData\Local\Temp\nst763A.tmp\tempfile.ps1"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:240
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\Admin\AppData\Local\Temp\nst763A.tmp\tempfile.ps1"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2292
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\Admin\AppData\Local\Temp\nst763A.tmp\tempfile.ps1"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:432
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\Admin\AppData\Local\Temp\nst763A.tmp\tempfile.ps1"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1052
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\Admin\AppData\Local\Temp\nst763A.tmp\tempfile.ps1"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2880
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\Admin\AppData\Local\Temp\nst763A.tmp\tempfile.ps1"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3008
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\Admin\AppData\Local\Temp\nst763A.tmp\tempfile.ps1"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2536
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\Admin\AppData\Local\Temp\nst763A.tmp\tempfile.ps1"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2432
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\Admin\AppData\Local\Temp\nst763A.tmp\tempfile.ps1"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2456
- - C:\Windows\SysWOW64\Regsvr32.exe
    "C:\Windows\SysWOW64\Regsvr32.exe" /s "C:\Program Files\CyberLink\PerfectCam\REGX.dll"
    3⤵
    PID:944
- - C:\Windows\Regedit.exe
    "C:\Windows\Regedit.exe" /s "C:\Program Files\CyberLink\PerfectCam\default.reg"
    3⤵
    - Runs .reg file with regedit
    PID:2212
- - C:\Program Files\CyberLink\PerfectCam\Driver\CLDrvInst.exe
    "C:\Program Files\CyberLink\PerfectCam\Driver\CLDrvInst.exe" install "C:\Program Files\CyberLink\PerfectCam\Driver\clwvdPFC.inf" root\clwvdPFC
    3⤵
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:2552
- - C:\Program Files\CyberLink\PerfectCam\PerfectCamService.exe
    "C:\Program Files\CyberLink\PerfectCam\PerfectCamService.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:1244
- - C:\ProgramData\SUPPORTDIR\20240416_91641_3024\TaskScheduler.exe
    "C:\ProgramData\SUPPORTDIR\20240416_91641_3024\TaskScheduler.exe" "C:\Program Files\CyberLink\PerfectCam\PerfectCam.exe"
    3⤵
    - Executes dropped EXE
    PID:2592

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{6d798bc0-a665-485c-2078-2776cbd0812a}\clwvdpfc.inf" "9" "6eb50072f" "00000000000003A0" "WinSta0\Default" "00000000000002C4" "208" "c:\program files\cyberlink\perfectcam\driver"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:572

C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem2.inf" "clwvdpfc.inf:CyberLink.NTamd64:clwvd:2.4.34482.10215:root\clwvdpfc" "6eb50072f" "00000000000003A0" "00000000000005D0" "00000000000005D4"
1⤵
- Drops file in Drivers directory
- Drops file in System32 directory
- Drops file in Windows directory
- Registers COM server for autorun
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2508

C:\Windows\system32\taskeng.exe
taskeng.exe {8BACEE48-B3C7-49C4-BC09-085A0170E077} S-1-5-21-3787592910-3720486031-2929222812-1000:HSNHLVYA\Admin:Interactive:[1]
1⤵
PID:1776
- C:\Program Files\CyberLink\PerfectCam\PerfectCam.exe
  "C:\Program Files\CyberLink\PerfectCam\PerfectCam.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2468
- - C:\Program Files\CyberLink\PerfectCam\OLRSubmission\OLRStateCheck.exe
    "C:\Program Files\CyberLink\PerfectCam\OLRSubmission\OLRStateCheck.exe" /UnoPath:C:\Program Files\CyberLink\PerfectCam\subsys\BigBang\Runtime\UNO.dll /IsRegister
    3⤵
    - Executes dropped EXE
    PID:1056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\CyberLink\PerfectCam\Boomerang\ProductIcon.ico

Filesize
220KB

MD5
2920bf5a26a096896321e98364823fb2

SHA1
910f35443ce5c450285fc87d820bc1acf0a4ce3e

SHA256
3b800aa790b186e4448bdd571d6b8fbf2f1a5bffb0e5f6672bfd47927cb04ce8

SHA512
670c08832c535de56526ac63f672955d0ef21d5ca3e0096d65ba86e5e77eb1b7c0ccce98355a60c857b3e56da388ba13d70a619359eac4e5aa421557852c793f

Download Submit
C:\Program Files\CyberLink\PerfectCam\Custom\Lang\DEU\kanten.mo

Filesize
93KB

MD5
f7ca3b877d538ac6c814a0275d3ce6ca

SHA1
839ad14a9b48f0f547fedc565a88ddf64571cecf

SHA256
29bb7d14cc0e9a8979767a019e9758062865d4f93deb449dad012a626f944e2d

SHA512
ff84ad42ffcbee130524fff2b5965afb4b99ebcf609f35bdb7fe97f918fc80809abc7cae24ce1cc4bea80d7112bf40f4086e414bda4affb0b5fb6bff84eaa98a

Download Submit
C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Common\Media\button\subtab_hm_h.png

Filesize
170B

MD5
23efc06e073276892ae300f2f37b457b

SHA1
6596c458cc596206c4ff629e51112276ffb35c40

SHA256
f634d25c448ad0bf71eef6cc9e5575cd8f717ec1f8f977915074629b85fd2f48

SHA512
7daa544d9b14623e64a509d8f97472cf38e31f9d4111c946258b6f5f87e339a4fd61a3675d365fd835dc1e7e830017f870a88d8f40ac4656e9c9317ad3b35ede

Download Submit
C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Common\Media\button\subtab_hr_p.png

Filesize
87B

MD5
bb1f41599d620632353d9d8605e056e4

SHA1
7e2639fbc9e8d0da76d4b741888080798df00236

SHA256
5cb62074105f1d4d33aa0e1a04c3c727cb6b537ac93b2367a5cb97131aadf393

SHA512
582123457f36705f27bab3e24ddd4c5e1c4bfdab374d8514f8ea15868adaa38f9c94bdc91935884095049b93d373b16c3f6d4c5fbc6dfefb965419985d15b6d1

Download Submit
C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\IM_main\BKRoom\bg_sh.png

Filesize
1KB

MD5
2bcaf8e62ffa544437a16317076aa456

SHA1
b7cec983237e9c93a4eef8654d190086f89fa930

SHA256
d4f18c2bc5143158ab2c93832409e780873f86e7af0103b92be6e1a47ab47efe

SHA512
16245e8e96d28e709649580a01d01d8bff3467b9e4e719e4ea3654cf0183ab651d1f4bca705df52e4ae23cfdf7cab186ef4c6651d13432598ea189883e369e46

Download Submit
C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\IM_main\btn\top_btn_L_s.png

Filesize
141B

MD5
9fea4be13f99518b6588d8219d83ea7b

SHA1
2f2b43a91a1d95bfca7779b42359cebfd07d7c23

SHA256
3d35cda2996b364e614b0ae519852a0616700190166a1f1af1fdeaa8d5ca6559

SHA512
000be338f6181f7c48dfed3ad7ecdff6a45d5b7fe385713d02867595983a8c26955052072d38cc689f0dae6f9f8058b25552f86a38695c9ded7e5a1f5a299af5

Download Submit
C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\IM_main\btn\top_btn_R_d.png

Filesize
128B

MD5
f9f2b1efe8c6c61cad5141a61ead160f

SHA1
5b06d2b062e318e4bbad37e61999f06ec742d77c

SHA256
c720366d109a0a6328fb5c7fff668fa8455b243b2a71095568d44fdaaa1f8d50

SHA512
22dd8d957873020376cbade0b90acd95cd3608d0129d5d8f6be400ff42ddc3f78de3e397707a66a08241673ac197c024b18c76fa00990cd0144628a35b8fe5b2

Download Submit
C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\Palatte\colorPalette_skintone_h.png

Filesize
789B

MD5
41b79e968b8ae4259ec715a3a5c74299

SHA1
20e632f7920b519a4de1e59d6671219bdd46f95d

SHA256
85f708106ceed382fe2989152b11feeaef3365fd9bacc1fb90b74e7e7d0314f5

SHA512
9d728cfaa19cb031648e8d342ec40cd14bd26e6ba98805019b07ff7159937cfa0838f0bd99a1bf72689e469975777a58dacf440752e12d1b0154091afaec1a40

Download Submit
C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\STD_main\fileRoom\icon_filter_all.png

Filesize
576B

MD5
540116d5cf9f3ab3622da265ed2b98ad

SHA1
5d6882b285e8555913fc61ce526a0747663fea01

SHA256
8c3205b30062210ef64376f3f61a8e73806858219666b94139c24a2fe6a2080c

SHA512
5d7788173629cae8b6c8d4d47d44c1c992e7d2f6f0386bdd1155211ce8033fdadcb6da07ad283fefe898782fb069dd1defaadad3f851b0fa8ba0b9217507d061

Download Submit
C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\STD_main\fileRoom\icon_photo.png

Filesize
630B

MD5
6c55070932b3e03ac26dd4e5914bf929

SHA1
fbf650681e42d86aa0662fdfa46abefb1273b712

SHA256
cf268ad3c726f0b967d336ffcc71183818b21957fa854ff27aa9b98044dc0dc2

SHA512
a567a830f8a63e30553d02bb718438691a5507066bb6ac1cb74cebd2c78765e8e0240bd47fb1fb249237475090c8c77c72208d0da1979ac2f56d34a6dafc4f6f

Download Submit
C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\file_sharing\btn_clear_p.png

Filesize
274B

MD5
261a0aa9e5eda958f44a0af820361ba8

SHA1
3520bea055a637c3479618e23687d73705f51ce8

SHA256
ced60e5a79ce5a9429351dbb8e4321f504d66e210b2a0c64b03b9ffe1654511c

SHA512
eb2ec0ee854213d9e0c7d552ce15c5f2a4a8b940ca5ea2f907889a8bacd2ecb63b1fe4315f9274a6ec84acb9ac314b6c8729c6513facb57878bc45a2d3ff33bc

Download Submit
C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\file_sharing\btn_pen_clear_arrow_n.png

Filesize
153B

MD5
d70b4b441ff0e3885d49582f00f23e14

SHA1
2acd3a31229e48c4ca1561a485b33e4958b2013b

SHA256
5c96e425c982bab0e4ae62bb25ec6e289d7e3c96702790f2280e6b0dcf3d6ed9

SHA512
0086e93047425d25168e9cab60ff9ff4dc47afed3695fd5ed9bf718778f55ac50eac7b6bb21d136975f3a99f432dbb42e45b2ee4caf069ef865d06709f4e9560

Download Submit
C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\file_sharing\btn_pen_p.png

Filesize
380B

MD5
916f5fbdce0d85594858c1cfdab2e05d

SHA1
4cf1f229b4044193b31b883d5700645f28da89c5

SHA256
845b356c60d133d5851c7a83e2a72759b60baa1f9616fc8954d1d6b73d1258ca

SHA512
abfab77254621288536986d2089724439f942ecf06cf412001dba2c939da1160579978f517e8410bb19f121335dffad94de0de3791e16a1acc02bb48d08feae2

Download Submit
C:\Program Files\CyberLink\PerfectCam\Custom\Skin\Standard\Webcam\Media\seekbar\btn_checkball_p.png

Filesize
171B

MD5
1307d5d9bc21dc7d0ec6e24af3edf8f9

SHA1
df924bf7252e63cfe1af083f2500cf1376110d22

SHA256
47660bf09424fd6d40293d3d6cc6e930077d97405b89f14b4a2af8f99578581b

SHA512
47880cdf38964d30ffc56e1a1939182633279123b4778c1b13687ae50b486743d1aa513a34feb67e029b41b3f49b83da047da296b5aebf7a1b3cd1e61bfcd9f9

Download Submit
C:\Program Files\CyberLink\PerfectCam\Driver\CLDrvInst.exe

Filesize
211KB

MD5
0c49af30bf73ec6a79feac055a80900f

SHA1
de031a7550b763f6c14a587772be7d0f35d682a0

SHA256
817d4387f4bd166dc34efdcaea8691eee3b54b13fb5bae0f87f4716435c7c625

SHA512
c04b67cfef5c3c4e01cf241eccbbfd999a3ac9aee5627dd9668c5d3f2ced5b2c35e1d8a8655015afe354b48b348646eaa18b9cb2924d99faa502f746bcb38583

Download Submit
C:\Program Files\CyberLink\PerfectCam\Driver\Win8.1\x64\clwvdPFC.inf

Filesize
4KB

MD5
4c64cb04ec14c47c90233bc8b785755b

SHA1
7f8fc594c3d3f2b1c8a3074c2e27f2a9dc251dc2

SHA256
01fd44bdf04e46360d43597de3658a91e86d10db2068231b1288e9f4e3251dbd

SHA512
db54fe19995ed24f5a1f89ddf96adaff5daed56003d155ad328ec698a6b2ea008aedb38669bd612d396f1073ef566ce174102aa6efe13bf9290a6e224adc5a4e

Download Submit
C:\Program Files\CyberLink\PerfectCam\Driver\clwvdPFC.inf

Filesize
3KB

MD5
86ad2208e17acbd79689f95aac2366d6

SHA1
cf66810439e7cbef1d0403433fce6ba9d8792b85

SHA256
92f69d9d803fc2132e63d3496f0de88acf8eb4096710e61099e3d90a9e688992

SHA512
776604af64164b06eef509ff880abb5ae87bb25e9279007b62d57b9472e0eedfb7016b955af2ce16c49f767d15c1a3fb971590789797450ffc0ee3c4f7286f31

Download Submit
C:\Program Files\CyberLink\PerfectCam\MUITransfer\StartMenu.ini

Filesize
241B

MD5
d3e7783ea936bc50c61faa4b4408e366

SHA1
d0f7ed7e831f174fe8b63a4f3854ed9382467c28

SHA256
2a2eaf7fe8ab4354dd3b0c94fbd67b342549bbb8794fc0a628b728a19920374d

SHA512
b4ffaace05470c3ef18fc26650dafaa6febc810c1841a67aeed04f2de0502e13dbde2f1fbce3a51fc7ddeb44de9f539d7f9f60906fe6ff2a66d6ee7a9ee9a3c6

Download Submit
C:\Program Files\CyberLink\PerfectCam\OLRSubmission\UREG.ini

Filesize
475B

MD5
0dd2edb7b79a7eb70a4ecd4681edeaf2

SHA1
39bec8e6dc07058844a71ba09560a00010b46e7a

SHA256
ec680db2b638c3bd63fc31bd654a497e56c8dd9ea1668a52d4c52ecef4bc8daa

SHA512
2fd5b7a1683f65770eb83de5981e14519918b37b27a2c874e841d7ac7e1d366858ef8540c393cf8eb7b7a00a091d47ccc67f2ee0d7578c7411e3cd38467a597e

Download Submit
C:\Program Files\CyberLink\PerfectCam\SRExport.ini

Filesize
164B

MD5
8c75a222692472bca5757d6c5012d8d6

SHA1
80e07716be2ab6bb8fadc73e12537b75fadb1aa9

SHA256
32b4c3abce7e8ec2e8726fce4ee8d3fe39df8ca6ea5d9c76520341e7449cc184

SHA512
b8b2735450466e5fd4ef08f2d694efce3c3faa6d99ad9c2873dc284b6c141f017c3612e8af296f75cff1ed52a5229e63250a4a1340a6740399d4ff4ec0facca1

Download Submit
C:\Program Files\CyberLink\PerfectCam\ShareFiles\Share\language\bgr\EffectExtractor.dll

Filesize
40KB

MD5
b27777f13396e99eb5ba49e529008893

SHA1
f040d01eb5e23d7f0cd8345e702128661850b4ee

SHA256
a3dd937734935908326e85e1a71e725b0e1ababc93f8d88cd4f010ce2c888da8

SHA512
5a8fa6a65da4aa1603e29191e2fa01d63bcd28df652e3f6041c33a7bc09771bea3535254884a305da677f72b9eed47d0109d526e7c5feb18805aacb3ad3f7da2

Download Submit
C:\Program Files\CyberLink\PerfectCam\ShareFiles\Share\language\csy\EffectExtractor.dll

Filesize
40KB

MD5
f979ad56f85e041e71529b5d93bfc0b7

SHA1
ee6b8d757c73ba23afc1a6c1c11c00c5c2cd2ac6

SHA256
d7865ca01d4343210e3efe5ebfe6b2218fadd872ff7fc14a53d437eabf4b9b57

SHA512
abd925c68b065adf1c3334e903abedef07f40ba254f891d840fbf0e19d0fa0fc68dd21ee60fea43c343d2519847879070b42f78f0bc6c6c3822fe8ef69944e7c

Download Submit
C:\Program Files\CyberLink\PerfectCam\ShareFiles\Share\language\dan\EffectExtractor.dll

Filesize
40KB

MD5
bc8d461d3c15a30556ea5bb29dddc36e

SHA1
e64b3b0d1f7a8490d62590bcbb004e6a2bb36880

SHA256
c284cbd2f84dc0ef1293e4ba4159de1ae8eb77b267d8dbae26be715f5fe60750

SHA512
dd5d33d3a1466adee10f8182b248c853190b94c48ee2bcf74e6d4c92f62afc566c93ecc51593c2523431c40d84db98747232821f982a56bd393380b8c4295779

Download Submit
C:\Program Files\CyberLink\PerfectCam\ShareFiles\Share\language\deu\EffectExtractor.dll

Filesize
34KB

MD5
75c4421067dd82b2a22a4ca5f612b46e

SHA1
39129aab5b7c33b525e5d2f3b88d2d597941b8ab

SHA256
e8f6d2adb57e8204e095a77728a8f5c364c5b4ba89ea3537b1e28cdf06a643b7

SHA512
c794d4985898680d3e0ee373339bb31dd6ba03aa5bcda9ef52139afaa56e113c98491945ed3779516a2f380437c0deb08bdf2d8891e1d2a612dd4b2aed063960

Download Submit
C:\Program Files\CyberLink\PerfectCam\ShareFiles\Share\language\ell\EffectExtractor.dll

Filesize
34KB

MD5
0d7b48e7e6072294f88f72dd4aba77cf

SHA1
b2f6ceefcb78ea154131b60ce56acbf751830415

SHA256
a5ded265a1dffef185f1fbcf8b84cc94f0f7322abf75c2f80378f4780442377a

SHA512
9736a99bebfb515715fa166e45c4789fdfa0e994e74a0a0534b99db1858cc16a4f6bab315d3b0dd738625f99eff1920ffe20ec35b1e69197beb10ce53d97ab9a

Download Submit
C:\Program Files\CyberLink\PerfectCam\ShareFiles\Share\language\eng\EffectExtractor.dll

Filesize
33KB

MD5
e123ae7427b876de386b2f0f17cd4b4b

SHA1
51071be85792f436b58976e07c5d9bedb86696a3

SHA256
41edbad9f09a5c3bc029c5ca53666e1640f87b4a497593e22f927f8e4c3c1180

SHA512
497915a2530ed8aeefa12a154bca7602db8156f63985f7b33ca61d8f6c758b567e7341edac7856040260bd3bf9abb336823bf3a83f43827dc52f438612a41bae

Download Submit
C:\Program Files\CyberLink\PerfectCam\subsys\BigBang\Runtime\CLUpdater\Skin\bigbang.ico

Filesize
283KB

MD5
323800651ae248f905b6c4c31e13aa57

SHA1
856fc8574ed0a84a6157a94030e30ef32816f287

SHA256
43f4bcb2fb16830939e23108dc8e3e6c5ad79e3e808ba473988788d2a72a5e06

SHA512
cf8a20045dde8198b154d8a44005ab81f9e118dad65961a2c1ad05d22a24ee614c630f5a87a2480e7b7a9ddb64826df86b13fe89c2834a07704596447a7b3534

Download Submit
C:\Program Files\CyberLink\PerfectCam\subsys\YouCam\[OPTIMIZE]mnetv2_gcn_0808_108x192.bin

Filesize
825KB

MD5
7eac063ef5ed9b14c78671dcac9b49e0

SHA1
2b9b7d934466e5bdb1edc5cfcadca3fead2e862f

SHA256
2e200f915fadd2e072f525d3750d36c7f23ea0ff076bb5a25c0d58f68c9ce803

SHA512
f8a9addd484a2982db1df90ea7e6d3b75c3139f3aa41b7acce9cecd4135380c69894b5f42977f809e082df4efdd4ae9077e1cc1b33b47eaa9e9096e1b7b9a44d

Download Submit
C:\Program Files\CyberLink\PerfectCam\subsys\YouCam\[OPTIMIZE]mnetv2_gcn_0808_108x192.cla

Filesize
988KB

MD5
2939dd0113a8ab4dd00bf80b326c8026

SHA1
235033f01c77ddd5a6c52271d4d10a0bdd088116

SHA256
06446b774fe39429997105b57a2802262d59999c8ce9de9a980217fa0765739f

SHA512
133311621615ff079a9a26a001299666f7e174320c319e437b42bbd01e348399262196c4c7c367b52d29004287490ffa63eb78fba3581c00c0f1d352cf086e7e

Download Submit
C:\Program Files\CyberLink\PerfectCam\subsys\YouCam\[OPTIMIZE]mnetv2_gcn_0808_108x192.claxml

Filesize
77KB

MD5
fa9b7c264a88404aee72c4bfcc5f6572

SHA1
e621ad0a42cd4e264ac37d3b2f480ec9341af3f3

SHA256
03f2f50aaec0697a8e59b45da692a13c45b63e36f3143a0a2a30663d8384cba5

SHA512
f461ecbfc82f1158ae8a386960c20f3272cd2e54b75dca1094a85bdf1f2717df9788c6c5dc68562c3cd6a7411b8a7cf50ff7e9027de381cfc09ca01d8cf0a4d3

Download Submit
C:\Program Files\CyberLink\PerfectCam\subsys\YouCam\cldnn_global_custom_kernels.xml

Filesize
3KB

MD5
629e11048e28b76bd6f1c04ae718985f

SHA1
665e050aeb09bc3e9dc04e045ffa59ecc5fad072

SHA256
3ee0e0e52926e70ea8042bdf082a25e71406daa7fd290f646c98420e7c0d5d1c

SHA512
579c2857e5d1ea26c4e4991dc337741d76f73d314bb619190ac07cfd47b37963ca6bade84db5ea9d590d48b830fe5bb6101d8e143d9be7f8242a20aa636b656e

Download Submit
C:\Program Files\CyberLink\PerfectCam\subsys\YouCam\msvcp140.dll

Filesize
626KB

MD5
d396985225d85caa7d743d67c7da6316

SHA1
915d5829ed02171684c2a9e8b3b57f7a35bc1e2c

SHA256
be2ef4f6d540d0ac5fddd556dcb6bfaf6cb6288679e4d64882d625ff35f173aa

SHA512
d7b0df2865bf491c9caf34cbabefb7b7f04b35b85276a59fef0499d02b09651d8f6d0db9e87df4a9a1417f07784a8e5625e9805bc434b87d64e442ab98e24075

Download Submit
C:\Program Files\CyberLink\PerfectCam\subsys\YouCam\svml_dispmd.dll

Filesize
21.0MB

MD5
9788de7e14a00847f2515fc4a8fdc0a6

SHA1
185ba55f57a9e239909c945f189c393dac0b1d84

SHA256
05f23059cfd4670c4c1672416ca0847bab4608076554db17c8c298127e78f2d8

SHA512
5ac95836fb739c063d3fc3cd07d240ebed2bb146e45615f0fef95dc80895eb4c93db075fa2ac3587e6ab2379c7490a3acb3bb5d28bee78f68db9871a22e786ae

Download Submit
C:\Program Files\CyberLink\PerfectCam\subsys\YouCam\tbb.dll

Filesize
389KB

MD5
31bb70130d0ff57af315d0a397ba0fbc

SHA1
68b891c4dd4d92b592b22694d6ce451bb356bc70

SHA256
90b53131bafd49890997b1e069a0df759cdc4c47fa79edf7ad11ebf70e1cd02a

SHA512
c68a9cc87cf16ebe42493623a5ad44169712d9517008e01d901bae722053a08969605271acdfe686283380a4e2cd7ead989cba47c342770d5ab2ed9b532587f8

Download Submit
C:\Program Files\CyberLink\PerfectCam\subsys\YouCam\vcomp140.dll

Filesize
180KB

MD5
56ce9c075ec13cf3fdc23dd554a8ea25

SHA1
ed9edf0c77c8e3d4ef6675c360aa6cc625a0d70c

SHA256
1d480d651414304bddd0928b1c1563b4fb7f89b1c6ac30650c884150de0ec540

SHA512
125a5d87ef3f4edfd0bd21beb8f616343a42a5b8b3543370fa5306e015019acd4c40216cac7148306956497144c84d1f12d6d91c3a08755938f7df30634d4d41

Download Submit
C:\Program Files\CyberLink\PerfectCam\subsys\YouCam\vcruntime140.dll

Filesize
85KB

MD5
9a53905892d9c9f3bf9d295c8b32e446

SHA1
2c5c56ff86fb1e827b2e0d479c529baea13eb561

SHA256
d58e3ff10fd96a22a8e6d2fd76146a282cc45ccfaf2301257e76e7c2771cbd41

SHA512
2dde975e15f95aa9310820cae009f2b04e26b7bafebb42d5822e3917017e4a37e17b0a71825f8f79f075abc1507d7d4d9202550fdd7a53ab54ac0fde4349fe2f

Download Submit
C:\ProgramData\CyberLink\Boomerang\_setting_\a2a9a320\profile.ini

Filesize
100B

MD5
e4b46c7facb2a0d820374b00a856cfc0

SHA1
b9d05aa4adb0fd1481626d38cedec4896e950305

SHA256
5bcc1ec84cd2551d6e175a7f04a470bcb67b634dfb7af108f54ce42d6ca6c65f

SHA512
602d411f28a9da9899eef049733af22384cba5de5aa7171779a080a04f69047af6d41c6e89748a8953355f27c30d66a0b03d7f27a6b61158ae556ad99eb47ea4

Download Submit
C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\setup.exe_v2\23b29eb1-6089-4c1b-93bc-3eb4e565cd49.json

Filesize
998B

MD5
5b89660723692e5ad319787eeb704b32

SHA1
a394ab8480232c538c4292dd96a406e0522dd5e2

SHA256
41433a140941a2f232f208bcd4787df787a19b549b5a51bf65b5c30bc836c27f

SHA512
8785ac6109e6c9cda79ec2373d3f287b7f605bf7ce513f21263a40b03ee1761b6c717f889741484e5450be93b677ed665af2ae0a85aefe3afff7c34a7326bdf4

Download Submit
C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\setup.exe_v2\UNO.ini

Filesize
7B

MD5
be9d6efbd8632e482c64618f00a701fa

SHA1
cc7c0702a34305282ba77d4eb88db1fa0bbed850

SHA256
d94fd0c7e43df0a03014a44d79653c0845adb29e6222ca47718c46af90847b84

SHA512
c59eee3a838ec35f447c28a701289f3f35ea5ec08d0c38df54482b39a2219598074d49fc162b1ef46d9e20c336221f53bc86de7163183193001b466ff36dd5c8

Download Submit
C:\ProgramData\CyberLink\EvoParser\EVO0.xml

Filesize
35KB

MD5
6ea9b0dbf971ebf326a448f05da442e8

SHA1
12f8791d16ad7044c52b9463c934494ca79d8bfe

SHA256
56805bbdd5699b1e4f78e626698e5048ce50a26f9c4cf07c69ab3a9cdf2f5b58

SHA512
5bf73d25a0e62f05f53121aace1ff15878eca284ad927bc9c4dd2fc509d1e8e10ee3afe753832bf6dd07a56806d71b2f8ef4c5a866cab873fac49c133cd74db9

Download Submit
C:\ProgramData\CyberLink\EvoParser\PerfectCam\2.3\Boomerang\EVO.ini

Filesize
210B

MD5
69effa953ba137e4e7bb89a05ff04aff

SHA1
faa526ed6d2a5ec812facb8418542182d1cd1de8

SHA256
6b498d0e70ac6e6fd106704b92e7708d0e9bcb239663c4ca4e5ded7e7c63b382

SHA512
6c7b4d6a52d82a7c0bf96338739dd92da8fce3e919dd5f271ee5942d51d253971ac5ea24efea5abff0c0adc8af22ffd37d66c42abee8b7319b1cc5a0be8c8348

Download Submit
C:\ProgramData\CyberLink\EvoParser\PerfectCam\2.3\Boomerang\EVO.ini

Filesize
229B

MD5
0b4944c6e14becdc714b61a681ddc144

SHA1
cdc06fc838c64908c08e6d82dc0e41508609efee

SHA256
26e059bfa372a27120404b1384f951ff7996797ec88c97450d411b203ca0671e

SHA512
b3eccdad9c6a4571c532ed9712d8bd0120869d03ee36b842b24c0876f5e7cb71bc0c078eb0748bce06cbf1a57bc172a7f217418c5bf7917cdf89d2ebd864a188

Download Submit
C:\ProgramData\SUPPORTDIR\20240416_91641_3024\APReg.url

Filesize
299B

MD5
9be3b6f554f5c19f4eef3f528b009351

SHA1
c10097facfe20e1925d9c1f57f395f6575eb0f07

SHA256
11d8bf4897d9280fd49a563b07718319c34aa53f3b5e9f0b8ada46fdd72f6f1f

SHA512
5e2f676a4dc0d8423250efb6228b872f8b54132c1f080cf70143b63da3b9db61a68bb9bff04b3bf3a87da8ee4f85ba416cae138241ec8ac104e744ed90000939

Download Submit
C:\ProgramData\SUPPORTDIR\20240416_91641_3024\Define.ini

Filesize
704B

MD5
37fe0ac07307e5390d1cc9ea98b3293a

SHA1
d5e7c6c0f8701ca5f9978376c5007ea8a8eef050

SHA256
a2ec7b29ddff70292f4375c293069b77650d325c834c079fbb3142819f20ef37

SHA512
57a62f104ae199a793d7d6fbc819ff115db579ad796809b0b548ade19a6e8ecf79449cb3e2f49a3ea116af33b365ef1afe62d35e32e28a6cc7db0c888d23073a

Download Submit
C:\ProgramData\SUPPORTDIR\20240416_91641_3024\UNO.DLL

Filesize
888KB

MD5
2b180f534ba45bcd9eeb0a5a4adf328a

SHA1
0b1e630c53b50a8960d7c81c0869aa39ba9b07d2

SHA256
9e92b0cee11594265b48d452e9eee20c6d0a1056180b92fe2fb9e6bd46e533a4

SHA512
a33327407373228dfd7b9f84975dad1ee02711817bad6ca8d8f66a600d97a707d171a31d4e79bdbb3f5d19ab3ac5ee6c4d831126cae390c58dc7ff291a89dcf2

Download Submit
C:\ProgramData\SUPPORTDIR\20240416_91641_3024\royalty.ini

Filesize
86B

MD5
bf7e4c3b3d522dc5a19a587664771681

SHA1
453424dcf74f4453344fa208e53925949ed72191

SHA256
356605608d5e270fcd9cdd74c3cf12571b556a6ef445e170248f093c9c248b13

SHA512
95e4e71b273bcb89e620ad4aff1ae5a3ca863a44e90b722d35c4f4e593dd99c091de4364c66913ec356778cb45a601fa2334fd1d64742a214b352ede94b96c9c

Download Submit
C:\ProgramData\install_backup\{C311A2C9-A8F9-408A-8386-B3118338754C}\InstallationLog.log

Filesize
4KB

MD5
abf396cac9d8a644f7720a69981ee681

SHA1
549c0cb87ad7b07627f5450622f6b79815222dd3

SHA256
84a9197ff962bc6e5a6afb3a4eaf0c40a2a0c6aee4b731c5b165f12e15c5e058

SHA512
8d33c6f2495ec837178f36e371de5daa852afe485e4a9c0a53f9c16c2939641cd73c70915cd08725d7f5959c1442c6054d78d73dd965c5ae4448080c9b6b3839

Download Submit
C:\ProgramData\install_clap\{C311A2C9-A8F9-408A-8386-B3118338754C}\20240416_91641_3024_install.log

Filesize
926B

MD5
73ba6ee5e3415b860b07f4b84e7cb5f5

SHA1
b6216e0bcf86d2804ea36eae54fe190d575a16b4

SHA256
e6c7b909a3bfb649a64ea448b522ad8202be2b5d0e14613fecd762d65ff68212

SHA512
9db1aff8c76eec3e3999f4c58903f2df784f079d757f35baaf1d87c14f61cff79f5b9b6038d8855269e223192385c653af7ef266f1cd1a07093435d5e55c9865

Download Submit
C:\ProgramData\install_clap\{C311A2C9-A8F9-408A-8386-B3118338754C}\20240416_91641_3024_install.log

Filesize
3KB

MD5
89ab7782e76fcf4f7a7f7e16208d28d9

SHA1
e9bd9f5b2d57de0aaaf59a6ce474ab4ea98b9576

SHA256
ecb6f3e909b071fada6ca04e01bcfb7148868c4519530229c172a74983831b63

SHA512
d726f69f272383c3c5200a6ed871c42232a5a2df5096fd2889fe98eb07d187f0763d31e1fb184b3de7dd65ea6d74e31bc24046e0efa989e2dc3bb8a0e6d3f38b

Download Submit
C:\ProgramData\install_clap\{C311A2C9-A8F9-408A-8386-B3118338754C}\20240416_91641_3024_install.log

Filesize
4KB

MD5
6439b84418d5f1479492eac3642fb678

SHA1
6993ba2b24a5b039587885e37ed5a33dcfc5d4a2

SHA256
40cdb56ffa4f7ad04ca4acb70419cc5882300867b0ce81e79b80e1cd2e010679

SHA512
cfb6df96f9d83b2e3a8a0c1fc25c764219afa4e32fab077599b2542ab9c12c6d409b982de09c2e2ea21ee437593e54bebc65a27502b89a6fe7af65162af202bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\370d2847-cb55-4e6b-93c0-ebe458e1c419.json

Filesize
976B

MD5
bc81a716d649062e0964c6eb68d7fb23

SHA1
090bcf75fdbebfe75010950f093f342e8f6b244a

SHA256
5b8485d5fbed242b8155bcf06a587fb35abb81f6271d90c335e2fc01b23c66fa

SHA512
68d10be5a386a4f695a0c74030542ba1fd4683e781e40a7a625ca43cdf1789d03728a206a263c2911fbf64d81c5ad09d58c3f3ef6220f1dc3f93e8004ec2608c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab53BB.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\7z.dll

Filesize
1.2MB

MD5
da425c228f084a8016e0d544c568a441

SHA1
5fc1100768dc8b3d22e9681c67bd92df55fc6351

SHA256
e284e224db99a6603f358b5e73e774f80e7cdb7a3e8dcb26ecc3a8662b19d1eb

SHA512
52cd004ddf5b369964ee4f380e8fb830cb3f3b4903ac407e92fbcb8f6ac8b947d625b31b670533fa46561d6055ca6bc19e8bd0b39b444d24c129a9c50b973fbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Custom.ini

Filesize
536B

MD5
649aa442cf25dd9d7982d220a3de9869

SHA1
b8e6b314e929b0ebb0a0e13af863169491feb3c8

SHA256
64af63535e6b1f20ba9f67231d41530b4bc00f3074840546ebbb71207481f587

SHA512
0e59f5ad2dec03e536973b28de411d77e06f744789966486f9870cd6f7efb44fbb6afa745655ae362ef6c9af6f056539edd9779522436eb4702fe0c7f72448b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Data1.7z

Filesize
126.6MB

MD5
23cf8272acbf64c07a8b2c044a843cbb

SHA1
db48e1af91448f9396c631ce902b27dff7445fe1

SHA256
f7b854c246d1261c6be22cc07d0bf9f9d4852321009a5faf09df7f2ea0a37f17

SHA512
5eac6af100179110e4d0aca93186d8f18ce935e214b5e5c1beec1856e4445884e0810189debf075be94e9e739d8eccef6a0e0312e036792e011ba2e01e0a56f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Data2.7z

Filesize
74KB

MD5
ca1dfc4c929bff3482a2231d642bcb86

SHA1
164b81976e094a53e7e17adc8a98ff6d3d30baee

SHA256
a2933d3a086411a7d6732f2861f65f1c352579c7b4f084fae3bf783f399a9cef

SHA512
5f81fc7185684ab62135ba232b2eb09d50a5a46308e0c2d83d35190940f74b800897d6b5b0bac3210c5f9244cd4fc5eaaf3c59472c0d255b9606a4190ececfe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Define.ini

Filesize
704B

MD5
163048b32197d3c5711c525530e0546a

SHA1
460daf6a395240f69dfaa272e16f1a1dc45019b1

SHA256
674558e48d565c3d317f96f58e47cb2469c7dd5afc38644f42a664cf72d0ed07

SHA512
a6bc583d6d521f11c8569c6d8111f1bdd505207e10b45afd19a5889a51fbc218171397795d102cc58e61376d080c5095ce13e1910aba3de4ef2868417f27d4d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Product.ini

Filesize
254B

MD5
8dc39e8968de9eb42efbe6c563bba962

SHA1
076fa003cbf4f3238a624b7f2367c1ab2e5ccb37

SHA256
549c455461adb540102abdb286696fd7c1a2f4dc50e58f00e5df771b33f27f57

SHA512
e4a71e332abd194c4770a6aa969eccb85069bb7679651c2581df329cd3c67faf0030965c666a94f54f45b3ee4dc5fdec9d8e1e493c1bbc8e8641b8d5f2f55c5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\SKUtil.DLL

Filesize
257KB

MD5
a997059f6f633b8e8176a892f54c4775

SHA1
ac622844514b077486a889740bcfee974f7c2a46

SHA256
6f865fcb325d166daa2f9ae6da92a93e1816896dce280db99d8b542f2aead461

SHA512
ecac0dcdc2cfa017dd6d45bad721cb8b2cdd776b7e6375732cf85260af2ce85e2408f81fe68d939231d3946832640e973aaf2f2c04f1357d68172fecce94a1ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Setup.ini

Filesize
219B

MD5
fa17539815cf2d8ead25b6d1a101f0da

SHA1
5cfae601b124470e911c68a195b7cad35590d97d

SHA256
b1ca14acee4cc64c25cc0c3621857c9a58bffb7dcd60d17d0a2e72861882ee6e

SHA512
263fc4a308ab02b1d49fc90f3b66ae7427fa36b794c4b402f2b38754dc101c9a1d94823711e2e528e3e45ade7df8be63614da79d49a1c0b7036abbd23c69ee0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Setup\RunTime\VC2012 SP4_x64\InstallInfo.ini

Filesize
176B

MD5
07bab4d1a21cdf9e6db66d169b519919

SHA1
66eeabb55a64eb83766745793b197103290aa9c7

SHA256
dab047516f0685a64844b1c7ec91317b23cabe271a9b2588b4c4a24c9543b91e

SHA512
f708c373e5c4fa5431255df2d52d1dfb2aa22ffaddcb39bf81f04c7e7b6f7e65177a703c67f74f07163d606ff64b9b9efe295e7527f1ddc3daeb1659e0a25c23

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Setup\SKRSet.skr

Filesize
19KB

MD5
2f9535926ec863ba998efdee95a0cd8f

SHA1
bcaf9596a6051594cf8c129671433ea048b539ff

SHA256
f19884fcc3cf2dc2bc07d43290c3ea0eed0174f064235c8e7cb5e0375861d6b0

SHA512
67697b52cc639dee3ab158921a8b11ba5b00993e843960b5c4ecbc1d08c8a61056215db375d7311053c153d4b48b058d2dc4a0c4d70fd0612788677866d9ed01

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Setup\Utility\Promotion\Enu\Promotion.ini

Filesize
1KB

MD5
7278bb43f65b465d80405fd574798b4e

SHA1
fe279c24ae83052b0b7ee5432f68daf0a512c36b

SHA256
88ccfbaae8e6638dcb1caa001054e813553fe037864cabcefe93d23e5b492e06

SHA512
18936edb70bf34d0ee3b712608536397e8701b875c707132ffb73032d7cf36a995f21cda7c23d2d188d872c7d3867d4093e495139ea4280af7940fd1e795566a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Setup\Utility\Promotion\image\image_003.jpg

Filesize
118KB

MD5
c689939ed853068853fb2fc7ed1f7c32

SHA1
e7ecad94a93942b6b99ae17980a66010dc442bcd

SHA256
7d463d04bb075c4aca335a37b1668a3ee17b2649d7c45aabd1af1d1310404d3c

SHA512
c48fbfeda1a0738a96387bcd21a93c17dcbed2f4edb1353ffcafee112db72cb2410e1d4f0808b4a5dd71b8f82c8ee89f7ceb8fdd1c9dbd6f8e4ab2e6903066eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Setup\royalty.ini

Filesize
86B

MD5
93ed554d8fc485fb99234593cf50720c

SHA1
6c46592f53af6f37fa25bfaa380feb6074e01876

SHA256
d2ed041d662a805b9d4f080043842963d45fb489020a90cac014cf219cea8943

SHA512
b1a834d05f24888907fa2058bac752dd973d75c1a094e56596b0085b45dbe846a3694a9aa8fda7c5ac28bf929fe3c96c0f51199f705914f944c1736c2e02c9c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\SupportFiles.7z

Filesize
908KB

MD5
775a7a8df4f0c3cc21a589b823ff390d

SHA1
4c6e190b48c4a333ba497216b58eb334a10be933

SHA256
188a321d7465e24e9d8a4f07f67eef1131c0f663399488f4e083dcdcd7230c39

SHA512
23952f122665caa7afd4fd37847bbea53938ab7ddd25bf49b58e8219e09c93834e6408514afa10d379f1e0640fe49cbe53c066424975c538b0438e2e9c0cd009

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Ureg.ini

Filesize
336B

MD5
85610ebb57d5ed947a0f9a568616e36a

SHA1
5e9bf858f5e2393d49b4eec92201b5a9a8976fb8

SHA256
d96b3a1e3f9eff6a28011ea6117af2408b20711a78f69e8ea7fc4b10a4b373a0

SHA512
e00d14bd19c00bea85e80a76362e2300b024ece9cd8f9dd437b572c950ff5a3613013f567e40cd52b1d0e144bdf6b14af5e4e05ac74e39d8a70f3bdc1dfc7cf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\info.ini

Filesize
616B

MD5
fd3deb57ebcec6be6da748f5552d14e5

SHA1
5cb23464293dadc1fccb5536c1c10767a7af0612

SHA256
53f09bd4d7795c57f1b9ae0bcf69853e7914ed2a1c2bc2178eb4946973719b84

SHA512
47a9061c95b24440be7cf99a48c1a65eb30c6f018727580cda15281ef5318aac2ca8f0b40e509c74499d590eccb11e11c029b301d809720902eb13e0307770eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\f8f74620-7263-4237-b0af-353fd26704ed.json

Filesize
1KB

MD5
614f422d88b6b22644ba313c3eb113ee

SHA1
81823f8107d55550fc0ccc02fe6cc4e48812f3ba

SHA256
c04dfae9e2e1b6bdf9f1ea8121d1e37c3979cc1eb826149abdaa91fef839e473

SHA512
06a99240f979a546a644478b86e92883b861acddca788ba268b5c35baf764d3276795b2d77ce77bb2fd6206752fbd7fa5e609abc979876800a899b1fdd7ba3d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst763A.tmp\nsExec.dll

Filesize
6KB

MD5
35200be9cf105f3defe2ae0ee44cea12

SHA1
3f4a09eeb477d3f048cdfb848b95aa39b20d89dc

SHA256
0096ae873c75f4e4d802dc97eec9893acc0749a7346e63f25a8d52ba8e11c527

SHA512
f8f7d8a844d588c6e2d6dc54e0d4bcbb1c4229a6e8f4d110a5e3d47eb0b8b5e0860ff5d31762229a731e08d7b232468b2a78c29778a9f0c62a7381db89175833

Download Submit
C:\Users\Admin\AppData\Local\Temp\{6d798bc0-a665-485c-2078-2776cbd0812a}\SET4328.tmp

Filesize
8KB

MD5
8c87918d3dacba77a8c5c220ef6da230

SHA1
20784bc5a6c9b6e891d81526da2baa3a549bfa90

SHA256
d83dd145f1260ee6447ebb12a21fe5b8578739afbcdf463fc2a4779c93101a29

SHA512
79c8bde61b7db0b560e710e794be7fb4b941d17ca6e47132ab8f1b64c9ab911500276ff0ba69821e72d7588b46558f17af9ff8f86c5f4debb3026a95ab574a60

Download Submit
C:\Users\Admin\AppData\Local\Temp\{6d798bc0-a665-485c-2078-2776cbd0812a}\SET433A.tmp

Filesize
48KB

MD5
134d62c5243025a854cf950ac0d06584

SHA1
ade2e62018e3e206708f005df07e39895611451f

SHA256
939855c102762d9563b87392ea20331bb37ea2209b15a69068cb1be51de737a0

SHA512
73715cebce6b64eda41fa827ded34236210c480bfb9c1566ebbb3ed31434d2d17fdb2fb2a6d02c2328668d2400626f7a377dd2b939e328a24751abf707f9e5df

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KZNIDT1VH0MKJ56CKY46.temp

Filesize
7KB

MD5
54d42469e7ab661d029cc15782068274

SHA1
c28d9791ee652f588b2490ed1cda4f023537d5d3

SHA256
07a5132f4c50b1539bb4fe602a46df6f2479cc668cb53c4c906b468ddb14176a

SHA512
ad99b39c29cb3f0381e459eaa69cf49506bc9824dc2509906e97aefe98644c72c30fc2439967dbf40c424f077f9978537e0bb5d282a4644bbb983ad9a758baf3

Download Submit
C:\Users\Admin\AppData\Roaming\NSIS Uninstall Information\{C311A2C9-A8F9-408A-8386-B3118338754C}\SKUtil2008.dll

Filesize
179KB

MD5
29c9fcd77551e05d83752c76d10a7a17

SHA1
26802dbee2dc8c4a4c2b61fdccfdc88459dc2f29

SHA256
04c9eaf385e33c5039909d4512ca654d6db8c69fe92aea1cb605c62b21f36cff

SHA512
43f8f05de983766037165a188bb7496277ba323458cb1b96b14b58b06bd334f644d4f1c27bcb4adb539802ac81d458e8e6c1a40da4c9043487a425fa9a86293d

Download Submit
C:\Users\Admin\AppData\Roaming\NSIS Uninstall Information\{C311A2C9-A8F9-408A-8386-B3118338754C}\Setup.exe

Filesize
438KB

MD5
e4407d1b46ade4653de16bfc9823a05e

SHA1
6c5be692fe5a9ffbec216147673e6e35b3e5d47d

SHA256
12f5ed3f8b8813e701d1fcce3364dd9cca87ac5602dad2ab7c3c734e9fe49523

SHA512
fb1e03c494ab5ee5d49ae008df7def6e1b76babfcac3f19e176e3a8c7bafef258520b0f8456e77507c38f4640185f156b1cb31de2397606a320a4459342e7d79

Download Submit
\Program Files\CyberLink\PerfectCam\ShareFiles\Share\language\ara\EffectExtractor.dll

Filesize
40KB

MD5
9d31b4ae96fce0399a93d277043678e5

SHA1
7ac7926167b99913cb87c456366cecdff6d36760

SHA256
6f298d04c35b4d873407feb5ca38c5e69b3e2a3b6e001471fa88ab365dec4dc6

SHA512
2263b5ccd9fb7c358c1106530b48040c88c12c5a8461c6cb553c52cedbec2668dc484d94e38b4850f1dbd5d4350cda03359609d34e73667d1ca819bfe8a6b30e

Download Submit
\Program Files\CyberLink\PerfectCam\ShareFiles\Share\language\chs\EffectExtractor.dll

Filesize
31KB

MD5
98f0cc8a6f59a1ddee480ae13d44e0f4

SHA1
80693a459da96a15d108bf3772e456888be0c7eb

SHA256
9aac5449d9fc02199cd137dd0a5a77c4559cc35032f7ac9deeea9316e9758cdd

SHA512
780cd4158d03e5b96386f6b23c1d9712442f20779e6ccc1f95b9cf77cb1561a3702ba39dbe7cc8cd704441482e0ce01f2099c1f09823ba06ffeb0a052fcc3619

Download Submit
\Program Files\CyberLink\PerfectCam\ShareFiles\Share\language\cht\EffectExtractor.dll

Filesize
31KB

MD5
067cf944b8164e322518ec9bd967059a

SHA1
1b8ca5a1c947dceab6944a1537509ac32f3cba1d

SHA256
465deb6c5ba0da60109aff81259d83ff4ff31088242b0f5eade0e8cf1ad89ed1

SHA512
a53df43cdde8377fd9aa68ee4f07279e9e04369fc1c22a9787e94a550c449c15baf1b4e473903baa4005e6be7ecb18299effc4780fb1ef8a892875d67479132c

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\7z.exe

Filesize
413KB

MD5
1f4315e7750a0fe96050fefc42eedc7d

SHA1
1504b661db7b1876afe1b74f0e84cdfe0b046fd4

SHA256
0bba424ce8ae4a607ab4a8b2c508fb4fc1998478e0f00917da43642af8997841

SHA512
5109c85cd44260dd1dad516aa7749767a88f1b6dbc9c1052d5986bdc6075d52e828e7c291fd7ef7215e7723cf3a942096faceac2062723f132e1d9015ce49493

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\Setup.exe

Filesize
906KB

MD5
82e2269fad4d6d4b1bc2f043bd86b2b2

SHA1
158a5c3af624baadd2b330718eb24408c3e40897

SHA256
c8d5bd633b634808066066feea07d9b34d0edd629a8eb7345a48c83a51587d5a

SHA512
c60c6d0a9947dc1d586d2e31d0225f797d3a97375017544862dfb4c01eb71349b2001d178a83eff112f30ba4aeb5f5735440ea14a24a8491e793cfda766aff44

Download Submit
\Users\Admin\AppData\Local\Temp\nst763A.tmp\System.dll

Filesize
11KB

MD5
9625d5b1754bc4ff29281d415d27a0fd

SHA1
80e85afc5cccd4c0a3775edbb90595a1a59f5ce0

SHA256
c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448

SHA512
dce52b640897c2e8dbfd0a1472d5377fa91fb9cf1aeff62604d014bccbe5b56af1378f173132abeb0edd18c225b9f8f5e3d3e72434aed946661e036c779f165b

Download Submit
\Users\Admin\AppData\Local\Temp\nst763A.tmp\ThreadTimer.dll

Filesize
84KB

MD5
e3223147899fee2eeec148993598f2b3

SHA1
78126b8fd178401fc568161549b1c5eb2d0dd5da

SHA256
1a14e8dc8b2d02fae1b40da9dfeb8918933778c7bebee927f77bb44c19d4868c

SHA512
0ed8cba8aeae4a69253c424488e49ceb17f412041361370a5439f27091238acbcf697746bf5dce2c3ce0c624f615c945b537aef41a50a67592a0dc010ede3fb9

Download Submit
\Users\Admin\AppData\Local\Temp\nst763A.tmp\UserInfo.dll

Filesize
4KB

MD5
a0efe0f3ef127dce9c59f407583061d9

SHA1
25ed3628daf08758870d0fe47f6997a9e97bedd3

SHA256
4506ff20ddc5eefb21d690e954f52df3da46fa47ec263ea965d86a683e74db40

SHA512
c403927a9def453a4fa031c7b45bcf202f0b4063f7dc39e3abfdffce3d663f3d7330ce70d8033befa6c45f7297ffd3f00d080a68d4c2611f8bd928d914e4881f

Download Submit
memory/240-6018-0x00000000731B0000-0x000000007375B000-memory.dmp

Filesize
5.7MB

Download
memory/240-6017-0x0000000002780000-0x00000000027C0000-memory.dmp

Filesize
256KB

Download
memory/240-6016-0x00000000731B0000-0x000000007375B000-memory.dmp

Filesize
5.7MB

Download
memory/432-6042-0x00000000731B0000-0x000000007375B000-memory.dmp

Filesize
5.7MB

Download
memory/432-6040-0x00000000731B0000-0x000000007375B000-memory.dmp

Filesize
5.7MB

Download
memory/432-6041-0x00000000026A0000-0x00000000026E0000-memory.dmp

Filesize
256KB

Download
memory/1052-6053-0x0000000073150000-0x00000000736FB000-memory.dmp

Filesize
5.7MB

Download
memory/1052-6055-0x0000000073150000-0x00000000736FB000-memory.dmp

Filesize
5.7MB

Download
memory/1052-6054-0x0000000002700000-0x0000000002740000-memory.dmp

Filesize
256KB

Download
memory/1052-6052-0x0000000073150000-0x00000000736FB000-memory.dmp

Filesize
5.7MB

Download
memory/2292-6029-0x00000000021E0000-0x0000000002220000-memory.dmp

Filesize
256KB

Download
memory/2292-6028-0x0000000073150000-0x00000000736FB000-memory.dmp

Filesize
5.7MB

Download
memory/2292-6030-0x0000000073150000-0x00000000736FB000-memory.dmp

Filesize
5.7MB

Download
memory/2432-6102-0x00000000026B0000-0x00000000026F0000-memory.dmp

Filesize
256KB

Download
memory/2432-6103-0x0000000073150000-0x00000000736FB000-memory.dmp

Filesize
5.7MB

Download
memory/2432-6101-0x0000000073150000-0x00000000736FB000-memory.dmp

Filesize
5.7MB

Download
memory/2456-6114-0x00000000731B0000-0x000000007375B000-memory.dmp

Filesize
5.7MB

Download
memory/2456-6115-0x0000000001DE0000-0x0000000001E20000-memory.dmp

Filesize
256KB

Download
memory/2456-6116-0x00000000731B0000-0x000000007375B000-memory.dmp

Filesize
5.7MB

Download
memory/2536-6091-0x00000000731B0000-0x000000007375B000-memory.dmp

Filesize
5.7MB

Download
memory/2536-6089-0x00000000731B0000-0x000000007375B000-memory.dmp

Filesize
5.7MB

Download
memory/2536-6090-0x0000000002850000-0x0000000002890000-memory.dmp

Filesize
256KB

Download
memory/2880-6066-0x00000000026A0000-0x00000000026E0000-memory.dmp

Filesize
256KB

Download
memory/2880-6065-0x00000000731B0000-0x000000007375B000-memory.dmp

Filesize
5.7MB

Download
memory/2880-6067-0x00000000731B0000-0x000000007375B000-memory.dmp

Filesize
5.7MB

Download
memory/3008-6078-0x0000000002410000-0x0000000002450000-memory.dmp

Filesize
256KB

Download
memory/3008-6077-0x0000000073150000-0x00000000736FB000-memory.dmp

Filesize
5.7MB

Download
memory/3008-6079-0x0000000073150000-0x00000000736FB000-memory.dmp

Filesize
5.7MB

Download
memory/3024-482-0x0000000003AD0000-0x0000000003AEB000-memory.dmp

Filesize
108KB

Download