Overview

overview

5

Static

static

3

bdcamsetup.exe

windows7-x64

5

bdcamsetup.exe

windows10-1703-x64

5

bdcamsetup.exe

windows10-2004-x64

5

bdcamsetup.exe

windows11-21h2-x64

5

Analysis

  • max time kernel
    404s
  • max time network
    1590s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    26-07-2024 17:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bdcamsetup.exe

  • Size

    31.5MB

  • MD5

    cbb2dc1b64c5a21da53d79f0ad2e1bdb

  • SHA1

    b2e411fcbccedef4d3a64133aff5d5502291b24f

  • SHA256

    5aa1234eb23bef8628cdc9189879d629b418cd1d176c99c024a15c3bfe5e413a

  • SHA512

    73391f29a027f1184d2ed673667b86bd96eaf97df94e4fc13c03ec8913c9ff36f3a549b7a4f79f67755cdd8f61fe906e61de1559dd884f2623add72413b4841c

  • SSDEEP

    786432:fmDBQyG/qdx5SFTFI/Xoa74EJCvBLRUH0PYNr/h4vW:+D0qd/SFTFIcGyIpr/v

Score
5/10
discoverypersistenceprivilege_escalation

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in System32 directory 14 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Suspicious use of NtSetInformationThreadHideFromDebugger 6 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 18 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\bdcamsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\bdcamsetup.exe"
    1⤵
    • Checks computer location settings
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of WriteProcessMemory
    PID:220
    • C:\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE
      "C:\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE" /S
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1008
      • C:\Windows\SysWOW64\regsvr32.exe
        "regsvr32" /s "C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll"
        3⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3460
        • C:\Windows\system32\regsvr32.exe
          /s "C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll"
          4⤵
          • Loads dropped DLL
          • Modifies registry class
          PID:2056
    • C:\Program Files\Bandicam\bdcam.exe
      "C:\Program Files\Bandicam\bdcam.exe" /install
      2⤵
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4128
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" "C:\Program Files\Bandicam\bdcamvk64.dll",RegDll
        3⤵
        • Loads dropped DLL
        PID:2836
      • C:\Windows\SysWOW64\rundll32.exe
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Program Files\Bandicam\bdcamvk32.dll",RegDll
        3⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:3100
  • C:\Program Files\Bandicam\bdcam.exe
    "C:\Program Files\Bandicam\bdcam.exe" 0x0001A5D3
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Executes dropped EXE
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:5052
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4724
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    PID:8
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x248
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4360
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1292
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4636
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:1696
  • C:\Program Files\Bandicam\bdcam.exe
    "C:\Program Files\Bandicam\bdcam.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Executes dropped EXE
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:5352

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\BandiMPEG1\bdfilters.dll
    Filesize

    4.1MB

    MD5

    ed730387fdcd684b756601b863c47417

    SHA1

    c49ed6d0d46facf4ceaeb21f5d6bfdf9e3587fde

    SHA256

    9cbc29696ad2d582e251bf9c4be5cce618753fa43551d2474e1ae5cc5e1245e5

    SHA512

    e32df727799d33922c6e92f94a7bdb0bc2772d6a6636d15e285d94d3ae4661062e5bc89ec3546b76ec853398f88d972f461327ef687f89093acf1096560d5c3f

    Download Submit

  • C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll
    Filesize

    4.6MB

    MD5

    13f7a29baa1e04f74151737cb71bd0e5

    SHA1

    0bc8682c6c96923a729aa6239aa53d95221b13ab

    SHA256

    008fababd36e8fbfd5f610a2c62d47963e78ec91e54ad69a1e20807445c3528d

    SHA512

    4cea11e88e8861c4094b227d85295c0d67452af703b0ec9dfe475797b87d03b40bc1f6b58dcc00996672c1c05d99b82dcc067bc429a1465ae90f4ec966f2bca8

    Download Submit

  • C:\Program Files\Bandicam\bandicam.ini
    Filesize

    27B

    MD5

    d025f448d8dde9678a0bf6dac26a61fa

    SHA1

    c457f5ceffb60e233e131187bb7d11e20ce831f2

    SHA256

    cac812c36cbbe7821ac92669643572fd33002815976a43d1820d47205f264f6b

    SHA512

    e5ed08fe970d0f2293792982a52616efc69fc0cf3e3b3a2e96f083ed72fe06e4bfa6ae23d7c04d6a0483eb402d43c37cd1e4bf73334a116368cc097ce4c81adf

    Download Submit

  • C:\Program Files\Bandicam\bdcam.exe
    Filesize

    13.4MB

    MD5

    995a92cc9018419ee100c0f19f40fc7f

    SHA1

    6a6347ac627a9fd035945c4a22b30a6d089a070a

    SHA256

    a8c3439c80e27c0a9eea4c13dd0fc263476a9d39ac7b0d3278be62e6e14f9ec0

    SHA512

    47ecd16b5d7fa1fdaedaebc075d5f12a6fed150e5309139a2d3c0559a04ced202788d24f252e7b0a775682adf90444cb1ad8be643f145dc91ab47ede55c00935

    Download Submit

  • C:\Program Files\Bandicam\bdcamvk32.dll
    Filesize

    1.5MB

    MD5

    9051ce47609c3670afedce797b9cc1c3

    SHA1

    6e7929058c8e011b1ac24e72f5c32570fb17b2b6

    SHA256

    07cfb828516e8ab690933df6012c97375b2825fa8784965eab2a4198b9b290da

    SHA512

    8f6712cbc68bdfb1c2b33a6231e33c57d476f20fe05299a22e95e6f47c4115a86efb750a97970aaec5132f99ff073aaa358fba63835fc1e3ef2cbce0a5009922

    Download Submit

  • C:\Program Files\Bandicam\bdcamvk64.dll
    Filesize

    1.9MB

    MD5

    f488d01d37cdab9bbecf59632343f12f

    SHA1

    7d2914422378a17fa0551b71336a053e94d5a1c7

    SHA256

    7e3f8e9cb1c074af15384312568ff9b181cebcc452756d229adfd22fb163a1eb

    SHA512

    b605ba7aa17fe43a389061a77e21791845dccd55ca8a2e98cd38e0f730fe73560014de57f9069ae93906dd215c63b4f53b64b63849cdbdc13dce71052d7824b2

    Download Submit

  • C:\Program Files\Bandicam\bdcap64.dll
    Filesize

    21.2MB

    MD5

    7214c7b4d2064db6827e2c3308a740de

    SHA1

    45bc92de40161252010dbde86a6637f34bcc46cb

    SHA256

    a7c59f782bc88f2fa39d7e7c8ec2fd2189325eb70c9e4b2dea1434cad1b768bc

    SHA512

    ef0ca3b5cdb5980586d886fa091efd67a51f031764628df01f3f7afb21c26484823bd86a6d29f2434b55fc766e101d80a1197d186404fe332fb1b4b0156700b6

    Download Submit

  • C:\Program Files\Bandicam\data\language.dat
    Filesize

    97KB

    MD5

    1a2907234b069c1e52ad296bceb630f0

    SHA1

    202f189aa148ab080225c6fb351b5e664847f8ea

    SHA256

    789704bfc14da7326bb4756b7339026d8915914905e821d57a69804b11a27bf0

    SHA512

    27a8b36ccf0353cb0fc41d1b41f0c66cfe7c41e95a79918498051c1c70b08d9a76ca0c9ca3f5361bf12a5f26be919766a84831ed4171690ab545f68c88612c85

    Download Submit

  • C:\Program Files\Bandicam\data\skin.dat
    Filesize

    886KB

    MD5

    2ebf0e7158b899a32ac072cc7d5f8d9b

    SHA1

    1b677c3e9fda3593f1fcbcc4b429800f06f3d5f7

    SHA256

    1814cfd6c5b79f65880fad7558a1cef35fd5f8f1f06f60e61945b58ab29f6ecd

    SHA512

    4b3fe1e6737296216e81b750ccac01a3ce77848fc7f6cb9344ea7ff6c352b988e8c8fe889ad7a850285e8b0fed90808aca12bfbcab206c4fdecb4b3b3f085e8d

    Download Submit

  • C:\Program Files\Bandicam\lang\English.ini
    Filesize

    135KB

    MD5

    4eaf9f783fe06f5ed362cdcf735687af

    SHA1

    28a76602a253fc165c83a8026037bbb8d4594242

    SHA256

    a6b5b9dbfb7a51aa91cea093e05699b28b55c92878b04887c72d7a23cfcb07b3

    SHA512

    286db775c95c171cbd4adde118b7af7616530ffeb4d337069b323f73ae966e2de9a75934a1af80c7f103c954c838e8e56acf020c21f65aa789a77bb9fb1ff0e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419
    Filesize

    471B

    MD5

    299868876d41f6e81bfdd0219ac691c7

    SHA1

    8348f369d6b61959f1246e46e6c8af2267904123

    SHA256

    865f91ecd933366ac960decb8e5e332d103f47c50eedf31101e63b6709462ce3

    SHA512

    3227aff461fccbdacfb9509a5319a0ab7da45c34ec2b1b3db2246a1da85df86df42137f86a6ff7925fdf63e36619d0b37d40b7a9b53afe75f6e57a0fb912b79d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419
    Filesize

    412B

    MD5

    7dfcc843c7d57f794462a5567e88c5ef

    SHA1

    8a497037a5db79ea8c8524c3b1d7eadbb9a0854a

    SHA256

    178348f90ddb6062ea965f839f400748189a2f11ab0047b64fb2998bac3e4ade

    SHA512

    e916da19fd3fa86b83a93d956d6f5025d58e5d1589426656707145c75d61d1fb5a62718efefb21d7fb5a1d483f1443a0db010a9d7b4ab9a3c907f384c407dc7d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V28C7N3J\index2[1].htm
    Filesize

    1KB

    MD5

    00224cc7bc649b8c9189f903915f427f

    SHA1

    01fc44ccff2660261e33f87e56b6d837394355e0

    SHA256

    faaf8a99884c188175a8ba22eeb28fbd230986b2da37d9a3d61b9a377a3f8071

    SHA512

    62d88924a0b7f9deadc60e322ef41fdb51c976fb7cbef5c0b05d5195038a2bce1ca62f2126996030df863fae5bf7c73e0049df078a330c2b9463efff475cd881

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\CFNGC9XN\256-bandicam[1].png
    Filesize

    12KB

    MD5

    5536ee3f61e2fefed336975a381964ea

    SHA1

    ab75c5c3df3ee34af317926ee297319a74bab63e

    SHA256

    77238dacdffe96bb67f270c8b0c7fecab7b221c2e12367e7060f28a359c35b9e

    SHA512

    29b5c832ae3c15cf819c6c13f7355a4e5719b511c3b0166c5e0901db4341f06c193f6ef0d0019ea47a9ccd20e6bb2e9c18f138f049280628139481140d5f0880

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF3C44D6D89DF4D898.TMP
    Filesize

    16KB

    MD5

    e3663498362def0d8ac8986dba1b5e55

    SHA1

    28a85eb2f602ac1121feebc6b984a69751a0ee48

    SHA256

    d1bdcf9fb10323bb01fa0126f3ad389ad63cfd0d5dd8b23ca03afb948ecafd29

    SHA512

    3ba58ef826e914d23d2dbca5b5ed9bfce4533cb2c803ba99fccebafb7595a350f5689f3d2004238ee40f2ff67b44903a1671d6034202dae9eeeaf2db7912df9d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE
    Filesize

    1.4MB

    MD5

    461d135a4fccd51bbae38f742e123fd3

    SHA1

    c12a442fbcd4a9c44102f0a560ba03d59bc501ed

    SHA256

    4c441e7d744a2a273f780103bcf5bcb1e32c2d9c6a32b62f9044b32107544079

    SHA512

    41eb816bf0cc0ca12b5c6c07517cd718b8701255ea81e94ffc937f2538b8cdf5db24751cdbc22fefd6496b767fc0d631fea76216b0363f4b625557097b3caaee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsb7DBC.tmp\ioSpecial.ini
    Filesize

    1KB

    MD5

    4e760c60555fab55d12318e05742e68d

    SHA1

    fa73fd0e4ed21553c4b6a7a6cb13fe3cf588635c

    SHA256

    32dc4dd63103682a70c04e40b426ce4f4898a7637eb03c8682b90f025348ad04

    SHA512

    718ab17c9c1700c467992883fed3ea25799ddf5756325d06dfb804644dd08196ae34fca173af374a7888501dd8af23bd4293159c8e7725c833e6ed15f1406bc7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsb7DBC.tmp\ioSpecial.ini
    Filesize

    1KB

    MD5

    8f00bf60aa6c46c2bd656b5cb90c9f6c

    SHA1

    f85bf98ae5b330f302b250d6f6f445e830022c5d

    SHA256

    c41601e89102a6289cd44d87cbefee0f127ca3b8be4658006badcd7a21f54898

    SHA512

    9683fd6f6e74cf1614d1988329fc3f8b397f82d0da4eaa8cfaf99ba0fe5f1f2f7fa68fa1113464993be11dae4832f38f4d7956a11baa6205b9606f2c37cdb67a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsb7DBC.tmp\ioSpecial.ini
    Filesize

    1KB

    MD5

    bc632e1d30c239894978fdae20b69e72

    SHA1

    213aa2693298797e9657245bf18f6b160c0c6ed7

    SHA256

    bc39c19cea1e16789ad54518eca329c64add9877f62b1f1eba99ec56667e5718

    SHA512

    c32aba335ce32f5dc612483afd69cef4c9d3f1d38084794c0b6c6e1c046f801e03db1afa4000d5eaf23445f589ac1f6a02c0b7c317c4460690803ad7c1eab10f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Bandicam Company\BANDICAM\version.ini
    Filesize

    886B

    MD5

    7f542cea5c08382ee4c5d54368e80e18

    SHA1

    b8469bab809d966d65a1f5960df1103727605eef

    SHA256

    a4f776b17e036c38aa125a26feafc6a36eece03441e8a7a08cacb12ca2ee0ee0

    SHA512

    c595f0a4f0b4177dfd36e5d12b09ac2af1a0adf0be2936f8c083fcb148f9806d3048cbbe50631018d2e9a065e403ccb3bf94614b2152f23c248d4f2dcbe3924a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsb7DBC.tmp\Dialer.dll
    Filesize

    3KB

    MD5

    6e7e197ffa13cea15434b221b96b3202

    SHA1

    5fc93dca4a33d79d8601e888daa21a1d0e02eab3

    SHA256

    cb94aead070194af4d3b01f80ef85f227a70b5cfcfa305d26c3b42b8853ac6b4

    SHA512

    4d294929ba55e145027107aeef135d918f2d6ec4a7e3b9fc8fc028924019d1987c12202cf37e9adf18a70a02fb321de7f060c4977de874687fc8a4d924cfb19e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsb7DBC.tmp\InstallOptions.dll
    Filesize

    15KB

    MD5

    720304c57dcfa17751ed455b3bb9c10a

    SHA1

    59a1c3a746de10b8875229ff29006f1fd36b1e41

    SHA256

    6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9

    SHA512

    c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsb7DBC.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    f1e9eed02db3a822a7ddef0c724e5f1f

    SHA1

    65864992f5b6c79c5efbefb5b1354648a8a86709

    SHA256

    6dff504c6759c418c6635c9b25b8c91d0d9ef7787a3a93610d7670bb563c09df

    SHA512

    c22b64fff76b25cf53231b8636f07b361d95791c4646787ce7beac27ad6a0de88337dcceb25b5196f97c452dda72e2614647f51a8a18cb4d5228a82ed2e0780c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsb7DBC.tmp\ShellExecAsUser.dll
    Filesize

    43KB

    MD5

    552cba3c6c9987e01be178e1ee22d36b

    SHA1

    4c0ab0127453b0b53aeb27e407859bccb229ea1b

    SHA256

    1f17e4d5ffe7b2c9a396ee9932ac5198f0c050241e5f9ccd3a56e576613d8a29

    SHA512

    9bcf47b62ca8ffa578751008cae523d279cdb1699fd916754491899c31ace99f18007ed0e2cbe9902abf132d516259b5fb283379d2fead37c76b19e2e835e95a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsb7DBC.tmp\System.dll
    Filesize

    11KB

    MD5

    17ed1c86bd67e78ade4712be48a7d2bd

    SHA1

    1cc9fe86d6d6030b4dae45ecddce5907991c01a0

    SHA256

    bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

    SHA512

    0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsb7DBC.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    1b446b36f5b4022d50ffdc0cf567b24a

    SHA1

    d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

    SHA256

    2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

    SHA512

    04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nskAB02.tmp\System.dll
    Filesize

    11KB

    MD5

    959ea64598b9a3e494c00e8fa793be7e

    SHA1

    40f284a3b92c2f04b1038def79579d4b3d066ee0

    SHA256

    03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

    SHA512

    5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

    Download Submit

  • memory/1696-542-0x000001F855C80000-0x000001F855C82000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1696-589-0x000001F858FF0000-0x000001F858FF2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1696-811-0x000001F845570000-0x000001F845580000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1696-540-0x000001F855C60000-0x000001F855C62000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1696-538-0x000001F855C40000-0x000001F855C42000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1696-535-0x000001F845A00000-0x000001F845B00000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1696-534-0x000001F845A00000-0x000001F845B00000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1696-581-0x000001F858F60000-0x000001F858F62000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1696-587-0x000001F858FD0000-0x000001F858FD2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1696-645-0x000001F855FC0000-0x000001F855FE0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1696-591-0x000001F859010000-0x000001F859012000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1696-583-0x000001F858F70000-0x000001F858F72000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1696-579-0x000001F858E50000-0x000001F858E52000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1696-593-0x000001F859380000-0x000001F859382000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1696-607-0x000001F859540000-0x000001F859542000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1696-806-0x000001F845570000-0x000001F845580000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4128-235-0x00007FFAACD40000-0x00007FFAACD42000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4128-236-0x00007FF7239C0000-0x00007FF724729000-memory.dmp

    Filesize

    13.4MB

    Download

  • memory/4636-527-0x0000027E41500000-0x0000027E41600000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/4724-445-0x000001975CA20000-0x000001975CA30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4724-627-0x0000019763220000-0x0000019763221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4724-626-0x0000019763210000-0x0000019763211000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4724-480-0x000001975BBF0000-0x000001975BBF2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4724-461-0x000001975CB20000-0x000001975CB30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5052-440-0x00007FF7239C0000-0x00007FF724729000-memory.dmp

    Filesize

    13.4MB

    Download