amadey | 99ae4438723ada9b97e0ae8de731501facdb6698c87a19f96e1b901fa5c81e50

Resubmissions

28-07-2024 23:58

240728-31d1dawgmf 10

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
28-07-2024 23:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Size

7.2MB
MD5

3c76e12084f57410323212b79c24a4ad
SHA1

c2663a2189440deae7a3826109bceacaea3a99d9
SHA256

42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3
SHA512

e0cfc3ac8407426902e08851db8fa3e75142de3d927ed091e12c4603a896c581a182b9069d04ce4032f974064e66db9a68a83d48ed1982934f6203a7b08964dd
SSDEEP

98304:LH7CgqLPRPYv7cZuwYx72XPo0+XH6zVLexfY+/1P6w0UYv6M0kMfRG1DOUYeixTA:b+gqLKB2pUca6+NP6yYbUGbYemTENFZ3

Score

10^/10

amadey babadeda crypter discovery loader trojan

Malware Config

Signatures

Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
trojan amadey
Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 1 IoCs

resource	yara_rule
behavioral2/files/0x0007000000023452-149.dat	family_babadeda

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netoptimize.lnk	disksyncer.exe

Executes dropped EXE 1 IoCs

pid	Process
4540	disksyncer.exe

Loads dropped DLL 13 IoCs

pid	Process
2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
1804	MsiExec.exe
1804	MsiExec.exe
2704	MsiExec.exe
2704	MsiExec.exe
2704	MsiExec.exe
2704	MsiExec.exe
2704	MsiExec.exe
2704	MsiExec.exe
2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
4540	disksyncer.exe
4540	disksyncer.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
File opened (read-only)	\??\Y:	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
File opened (read-only)	\??\E:	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
File opened (read-only)	\??\T:	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
File opened (read-only)	\??\Q:	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
File opened (read-only)	\??\S:	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\I:	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
File opened (read-only)	\??\V:	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\W:	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
File opened (read-only)	\??\Z:	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\H:	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\A:	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\G:	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
File opened (read-only)	\??\J:	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\N:	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\U:	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
File opened (read-only)	\??\X:	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\M:	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
File opened (read-only)	\??\O:	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\P:	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe

Drops file in Windows directory 13 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSIE2A1.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE459.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE66D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{00CE1E75-E04C-4F83-824D-20B2297C955F}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF33F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e57dd12.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE178.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE3AC.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\e57dd12.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE06D.tmp	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	disksyncer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msiexec.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3448	msiexec.exe
3448	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	3448	msiexec.exe
Token: SeCreateTokenPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeAssignPrimaryTokenPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeLockMemoryPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeIncreaseQuotaPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeMachineAccountPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeTcbPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeSecurityPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeTakeOwnershipPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeLoadDriverPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeSystemProfilePrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeSystemtimePrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeProfSingleProcessPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeIncBasePriorityPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeCreatePagefilePrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeCreatePermanentPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeBackupPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeRestorePrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeShutdownPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeDebugPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeAuditPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeSystemEnvironmentPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeChangeNotifyPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeRemoteShutdownPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeUndockPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeSyncAgentPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeEnableDelegationPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeManageVolumePrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeImpersonatePrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeCreateGlobalPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeCreateTokenPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeAssignPrimaryTokenPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeLockMemoryPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeIncreaseQuotaPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeMachineAccountPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeTcbPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeSecurityPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeTakeOwnershipPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeLoadDriverPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeSystemProfilePrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeSystemtimePrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeProfSingleProcessPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeIncBasePriorityPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeCreatePagefilePrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeCreatePermanentPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeBackupPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeRestorePrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeShutdownPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeDebugPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeAuditPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeSystemEnvironmentPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeChangeNotifyPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeRemoteShutdownPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeUndockPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeSyncAgentPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeEnableDelegationPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeManageVolumePrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeImpersonatePrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeCreateGlobalPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeCreateTokenPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeAssignPrimaryTokenPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeLockMemoryPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeIncreaseQuotaPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
Token: SeMachineAccountPrivilege	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
5056	msiexec.exe
5056	msiexec.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3448 wrote to memory of 1804	3448	msiexec.exe	93
PID 3448 wrote to memory of 1804	3448	msiexec.exe	93
PID 3448 wrote to memory of 1804	3448	msiexec.exe	93
PID 2800 wrote to memory of 5056	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe	94
PID 2800 wrote to memory of 5056	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe	94
PID 2800 wrote to memory of 5056	2800	42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe	94
PID 3448 wrote to memory of 2704	3448	msiexec.exe	97
PID 3448 wrote to memory of 2704	3448	msiexec.exe	97
PID 3448 wrote to memory of 2704	3448	msiexec.exe	97
PID 3448 wrote to memory of 4540	3448	msiexec.exe	100
PID 3448 wrote to memory of 4540	3448	msiexec.exe	100
PID 3448 wrote to memory of 4540	3448	msiexec.exe	100

C:\Users\Admin\AppData\Local\Temp\42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe
"C:\Users\Admin\AppData\Local\Temp\42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Windows\SysWOW64\msiexec.exe
  "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\adv.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1721970518 " AI_EUIMSI=""
  2⤵
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  PID:5056

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3448
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 32A02B3FA5DFFE9FC6C8577912DCD220 C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1804
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 3C272F49778D580D9E217333F5186C23
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2704
- C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management\disksyncer.exe
  "C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management\disksyncer.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57dd15.rbs

Filesize
15KB

MD5
552e75dbb7d4a281ce3e37b2a1d838d0

SHA1
cf73166e512e7d56a1a6c698be0f28537c488e64

SHA256
ba3ae8066d1c87b8ad911d40cfb04ff4b639532af526732d20ddb4d113f2661e

SHA512
50d226cda697cc749d814ec386d46cd38eea630fa1684d4da6624bc2c3da8ac22e6f218ee83793efb037b8a5d1722ef2468adac016b5678af0167aed71b984f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID2A3.tmp

Filesize
391KB

MD5
a32decee57c661563b038d4f324e2b42

SHA1
3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2

SHA256
fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04

SHA512
e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID498.tmp

Filesize
864KB

MD5
4e2e67fc241ab6e440ad2789f705fc69

SHA1
bda5f46c1f51656d3cbad481fa2c76a553f03aba

SHA256
98f4ebaa6ea1083e98ea0dd5c74c2cb22b1375c55b6a12cfdc5d877f716de392

SHA512
452df66dd2b09485bf92d92b72b3ad2638cbf0a570741b80309056d1e67e68a18cbd0ad3616a2943bb29de62a057848a7382b6c64c3821335a51b0a03131564c

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\Lang\de\searchhelp.rtf

Filesize
50KB

MD5
e94f6d87535ec7a59ae0a16a8ef17271

SHA1
2662c1d22d459a892474d16661e254eee8adc513

SHA256
73e9ac882a25f8c364d817ca3d93bfa9f493397ccb3a740ec3377fbeb94a13f4

SHA512
18f6f9c1f38eb6d95de169cf42a8cad52064952fe90e0d7339dce5dfaf6f706de067ae59601cf9cceea47f7ffe0d037f92b7bd1f66a69ad4fc92ddabcfbac427

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\Lang\en\searchhelp.rtf

Filesize
2KB

MD5
d6d456354649589f9ace65cafbdcc2ea

SHA1
dbacf271a8b8d5bbdf38bd4e1db5903ccb4033d5

SHA256
797e6178ed8403d7b4e84603b81950c99ae9ed432f98bba9d7958fb2db562c56

SHA512
04097ce38b2a936c1e614121a6776d705362ce6146b0c395c466f1d592263dc01e42123733de5b65e284b19efb446f20efbf8b17ae91b1ad33f0e9facb65a157

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\Lang\es\searchhelp.rtf

Filesize
50KB

MD5
afc31b9d3c7bc3d9ffcbd6ceeb3aa386

SHA1
692f532bfdaabc046ce73d9947312cea1d6ab62e

SHA256
58ab8c24e1ec79d518771e64fe3a3929ac79612e6881cf9030054f452696496f

SHA512
eb7261f5afcdb39d32ef0c0fee631d4d0f17d45c12e2cbcbb1c53aab2df89ff774d3d183cdb5ba7ec6167b68addda479d5a1204cb428ec3959d2367c0805e464

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\Lang\es\xml_MenuContext_Thumbview.xml

Filesize
3KB

MD5
fa6f323c2332d43c213fb2f377580c14

SHA1
433b6e4c85c83132f7c8b04a23cb35c8730b60aa

SHA256
a2ff4a596e5f639a037707efa6bf880c8adce823a9a312af7622daa569659435

SHA512
6dcd4de583cf5763b83dceed143541571864cebe0653c012e70313e9399e05244c8db558dea3c8efb3e57c4d2c927253aa99dd39b053e0bb43929b48be8370af

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\Lang\fr\searchhelp.rtf

Filesize
56KB

MD5
520077fd6d03c64c735258d4d87921d8

SHA1
1b8d82d7da2d85527ce91e72f179fb8a418d47de

SHA256
6faf5a4f8a729dbdc4082a7f33ffde3e72ef34acbf0875932b3e4427bfd9b598

SHA512
8ccd614aaf7cee74a0ed8b34267db004f240ed51d41dd80caeef12fe29a785d4e109b2526acf4c04ff30edc025c1e4afd7e9e11b32ca08ecc3ced7435514d4de

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\Lang\it\Phototheca EULA.rtf

Filesize
5KB

MD5
9325aee138a4d9a15d651920fb403ffc

SHA1
19eb57cd989571fa8cd426cbd680430c0e006408

SHA256
9c8346c7f288e63933ebda42cbb874f76067c48198b01adfb63bccfa11970c35

SHA512
d3c0ccf217346e44436ac4f9db3e71b6d2eb152930005f019db5b58dcce923d94007e77fa5b938e182073c2e55163e886853b00e3fc22f135d70854120a218a8

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\Lang\pl\searchhelp.rtf

Filesize
54KB

MD5
6a60791a0901d5f8baad05bcc77ccac4

SHA1
724a2547019d3ec3a8514a6c97dc68e9681d2a22

SHA256
5530e12f0e3d0049df4d5d7bea4cef171625b10fec3a671bcf5f8eca0c768d26

SHA512
448494a15730cf8d33ac4edd07b991eb970f475d27176c44236a19171e8431c858c252a79a3f66688d311ca3c0f6c9883e47b7cd9ba5da891038b174bc929a5c

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\Lang\pl\xml_MenuContext_TreeView.xml

Filesize
496B

MD5
48c3c26e31224a83e1fb467683a48d05

SHA1
8b952c7e0d913ec6fad565f1df98617d7b9beb25

SHA256
6f97cdc258db1fef1dee20886207ef338fcd1f0e5bad561e02bf1868355d6ebb

SHA512
75938234fdc652f6f8b1e572c9837c282d5f4ae98cadfb84fd5336758b2dd22d08e16a306f7c54efbb44845a787e956800e4ec092e05f1d84b7cbb164708935c

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\Localization\Bulgarian.txt

Filesize
34KB

MD5
5e68624302c465d6e29d970f735c0b9d

SHA1
c0692a057da9de0353586643cecb10c25187ca6e

SHA256
918717374890f30c9c46b13bdf1cf71c8463f18dc14ef3a97b6cfcb4da2102d2

SHA512
bb1c0a03a5026d444f3c997e03f664b37ffa3676db0868e4f27d4efbf5319662f397d042a13a39cade63a08ad2c4457efd18c4a0503c0e342980e09fd0d268fa

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\MathTree.dll

Filesize
74KB

MD5
97e1bb42cd2e298262f3c89e00e1a676

SHA1
4bd34c09de674da580179acba00f051dab487b66

SHA256
6e877b42d70b20ddc4c73e710ceea0e1b06a357949c4698e9755568a0a44d490

SHA512
a2f68444f262e7a7b30d66dc718a75c016cb530b0cb772dcd01a7b11544cb6787779357c354dfc47a20fa4c3ef098c9daa61713414ad3a0725d495059d8354f9

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\Qt5Concurrent.dll

Filesize
28KB

MD5
48c7d7876c8af388cc1999552027f9e8

SHA1
8da4aa0bcdb04aaf97f272c99e671f3dfdf01544

SHA256
92376bf4cc2050dbf50ae1092bcb035fdf33ab8b02880f77d5629b057c515f3c

SHA512
4dbaab82d0e5e431ce3139435b487c3ff7e7692cb03baf99778b1b1802fd11c847030a08724cbc15aa7993d5408d8d37bbadd1a3e411e77839d5d6837a30b885

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\Qt5OpenGL.dll

Filesize
315KB

MD5
cd31284d2ea24e824fa4566034ab363e

SHA1
4f77a4c5c825881d55b804aae6911f4e56bcda60

SHA256
fe3953ee758b588c7959a2262a5e02b2a627200b5a56802330914d2013505925

SHA512
67bc8e1d1f602d7ed457f6cadb4320ef74cb32a6f381d14987b133cb7b2497fde84f12c008b6772bbdc59c2e2c907e77a47e23d2f70bc4e93c141da549782ac9

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\Qt5PrintSupport.dll

Filesize
311KB

MD5
0f8f973098d74027821185e338ea1547

SHA1
8f019a8539c502e92f08a0fd02f4a632d9a9acf6

SHA256
0e99096ba7419539686a0570d181f49100062907a48a77008d57a3049d11d704

SHA512
75b2d811fd84d176878559d63676946a0887957ebc802d74acbc8f1d0258b636b6a48d99f92d386be43d228ea9cb158bbd8ae25ee9d8833d6c6bd79869fb4412

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\Qt5Svg.dll

Filesize
321KB

MD5
6d26254c474bb4d1b52bb51bfef306a4

SHA1
5ddab13bccb9bfd4803f41b3b4ad07e5dfcccf19

SHA256
0d4c747f190ec216e923fad606ec4f8cfa57dee7ce55f0c8e96a1014d0711421

SHA512
f6fd5ee4018e7f2a5d2e0a871c1e1ef1faf6870fe1e12c6ac8c5b354fb4c19a236821074e9b3a902d6b23b09e61e81df9b86497c027bf20885aba2441cf268a9

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\Qt5Xml.dll

Filesize
190KB

MD5
895f6b74227a2bd1556276c9a9f72f19

SHA1
967366d92f2da39fe973622524d7aab27b121788

SHA256
8abd2b06130a9b04cfad837f8b978d11dc9d2935730188169d9f9bace71ea04b

SHA512
cc7232465492a2e0a9c062ba43a8e1b1525a2e32265edc4241766a2001d12d45958a71fc38d98e8b38c575a69b212957d88fbed2be5045ea0a255115b63e171a

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\README.txt

Filesize
463KB

MD5
a509ccc10e7cbe3eb915b8b65ddb213c

SHA1
3980103053a374a9d3d4fc8d433dfb95c9528c5a

SHA256
8b353826ab1fc47fdf63682eecbc538be5cbb981b0530f59a0fe32b9afa318b9

SHA512
c21e4179443cfd7be43953b639bdc766a399778990c59526f46f5c0b9756452da2013ce17127637fcbbd13715d6151b2ab08c6f6890a2aef78f5d51b9a0cb698

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\RELEASE_NOTES.html

Filesize
87KB

MD5
77db64e395175649374d32e386fd1033

SHA1
1e26bbd5055d3717e7f57219f2b7c1a305f84678

SHA256
7d841eedf45ff8a6e61e9e3bd8e03414fff2dd650eef9b8d5b9102949e2fa163

SHA512
238ef2258060e4ff43184dfc42d523dfed7301f5f3bef4a217827059da70ec59ec173d1550b633156824c010970f95574dd62f91e72c139bd40c083527b124a0

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\Transponders\ATSC\list.txt

Filesize
1KB

MD5
3e43a289a247b121e0ff2c19656df76a

SHA1
4f2ecb02984ef1de43eb9ee7b17d6b702df92b6f

SHA256
1a11293293b03edcfb86c5404b83d09ca1292df0771f053c0a639f575e9b8515

SHA512
07dca1f9bbfbacccb205a5249788670da7b0e44c5731364f1c0c123848034f600fdf304bf5bf79682a692d1c341d690f11a647d47e6992e8e9b4d370cf70a9f4

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\Transponders\All.list

Filesize
203KB

MD5
1b724e22c141bf7a93091437198a18a6

SHA1
fd2399d2cf769e292a046d07d7faf9540d3ff765

SHA256
dcaadd15a5079d2dfe8f861d9d987f1f7169c668c00aaf02654bbbd7f0262f96

SHA512
d62375b5e9437f665f57cb6d8d4200488a80e90037a470f6dc140d0986e1ac90e903dd72daae43a203ba89241f5f932ea436d5078dda9087c627b51778f42787

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\Transponders\CabFiles\all.list

Filesize
133KB

MD5
c5349bec3b6306b6e96004b330488a26

SHA1
638b3c445e4b3c8bcd7fd7e87ffec0b86beb0581

SHA256
b411c1e7c81150434a4cf4144b200a45be088366051f883a3f3e3cca4930c9bb

SHA512
d5a55be25b4ae903ba75e6c64de90ad953a82bc8e2bb63e4d014d282a7950365d43eb33984ad475b1ec32a15994c40181a9ba86d0845257fe4d07a7835e10ea0

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\Transponders\IPTV\Rostelecom.m3u

Filesize
1KB

MD5
9a9cf633adcf233d12162df92379fc98

SHA1
c3b87cb0328a56b583903769f28df25e3c68a928

SHA256
5077544d1644d1738f45b28743639e848802d1a8484ed6cd3f25d798a745cee6

SHA512
2b7b23eb385cd01b9a638d97a17c05c1b6d2e9e249ee415488e964ce1e7d69e7c9e3412feae62c039420c367209e446706015badbe09fec95fc58e3e64221bb7

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\Transponders\TerFiles\all.list

Filesize
4KB

MD5
e28de9af5066f83d06a749cd70062f3e

SHA1
1e70274e70a54f81bcbdc14d6aa00d8b5e869300

SHA256
d84f7ebe5517180d9c231898c30339a07c19ca7b045b21f33eb4dbe625ec7865

SHA512
81c7b3a6668213f33ccd10cbe950bdc7204a8e74eb52ee911d2c41132f072ffb9026e2878666883fa2f9f69fe9c80b8c076093d6aeeada2d2008396535416e47

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\adv.msi

Filesize
2.1MB

MD5
d3e3c555f4a9cef9090160980770d807

SHA1
9de0af8c605d693412da569babc58f31a778d38f

SHA256
232b20c0c250444280e8d8a0f499d9eeb7b785e8b05b7e2c41ba003c3359e4a0

SHA512
f7ea9c9a66deb57ce56f7a9395ae5354edb616e4a055c851ba1fcbbc73f43e5cb7347c7bfa8d7bdb32841041a1e7c453a10ca45883dd78b2534f1daccb4a6df8

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\bearer\qgenericbearer.dll

Filesize
47KB

MD5
27f0d00adedb35fe2d7db8fc5091e984

SHA1
a28a2a103936a03a7321f42609ff5765517b94f4

SHA256
1a924e74d95d580eec9913fbf32f84b12d0abbdedd111cee08e5e76f72eea6e5

SHA512
b723ca38506fb748805d01d8fb6e8e888e4b5b4b24662982d108267b516d792c4602b8d188d3e607802c6af363c5e96b4ce766c96d6dd7c718bf078ddf656b73

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\disksyncer.exe

Filesize
6.8MB

MD5
0bea6de20b91d3d15044c050a602803e

SHA1
2c6138de2fde2903eb9ac7be3d9ef294201d702b

SHA256
528cedc640ded51e451d7ec09315a681ee3c0206e02530a1a8b9cb2d6aa62f73

SHA512
060ef0f9edb809d282f709e1d5630efdec4d7109b1e4dcda04b92ccd485796020e8b90a47d81b19db769ca4aff2174d43a46d2d6a25de77e7e0fb6b01e3a0761

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\docs\COPYING.txt

Filesize
3KB

MD5
cedef94f5701b0f14e5d358caf023480

SHA1
fc717140a9dd390068bad40a70f55e502f7c66e8

SHA256
54327b2950ffac8999f869515d44b8c6fbbe6a3764c7573518f920b8988cbf9a

SHA512
bd22f9e0f008468232529c2da1639efaddca041e61e511ea0bad2a2b7ae43c43513ea7caf5371f7f0cc88bce43ed2f8ff44f053db381545398f9e03660c453f5

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\ff_libdts.dll

Filesize
4.2MB

MD5
48b16184664304d83ec893d1ae6e1562

SHA1
dfef8691cf3b83ded886fbf93bda119b212cda52

SHA256
5978852d19cdd1952bffc3df08820ae7d60c4a94f4f44bf9586b8786017516bd

SHA512
1bd6d35bedbf1b83875d2bb37bf745f8fe64e6b84c00cf624e73766f0747759101e56f52bdc2307d9f3b1d232e05177e0a0acab502ee249c8d0019dedfa25060

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\iconengines\qsvgicon.dll

Filesize
37KB

MD5
6eee4e9262159c6db975885478ed10c5

SHA1
0c2ff0d4b4a2ceba73b98f4bbc0d11701d4fa87d

SHA256
f1e678a1a9be50c08d8c2bfa98ce6260386a2d995f2ec88850c016659b1a1e43

SHA512
4be1feff764336899379c3742667c3b623651159fad7bd07ef3dbf46ad1ad5e22e1a7f26a1acd7f2e3e01c3246491eacad6e8f54cd0db2e896fb11d8d3165c1c

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\libEGL.dll

Filesize
15KB

MD5
73d14f33c72bc4ecbc61b33041a6bfc6

SHA1
9ddf42073a07076a8dd0577d15a0f3b61cfb4619

SHA256
2a43dcf1c03cab93c0adaa54c34274139c7477ddb3fbfe9497de0c06ec785f4e

SHA512
d6934c1f5b0649d895b2dbc5f74601b67068fb73ad2eb04fe18e8ef0774f694afe215c6677590987efbcd531f30a69f73b24cbba80c27658f0595ca838fc40ad

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\libchromaprint.dll

Filesize
78KB

MD5
87b32e6ed0b33019ddb113db9ee52b23

SHA1
f6661c6150b3afa8f5603381911b87645f932b44

SHA256
4c99c72663c1944d031d6b4d0aa18c3356e964ef874103cbfac61589590d742b

SHA512
3d44792b6e556b2aefd9bd796e092067af72252aa38b70a7a2294f9718d4519d59c8106c59d2aaf7e08aaf6871fc4b1c306bad4c7b785e0365405386da1dd59f

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\libffi-6.dll

Filesize
49KB

MD5
c4059a8eec8ad3abc6432238f7491a2b

SHA1
f1c6cf3fa216f73ba44bd481c685ef30cfd3d284

SHA256
a9d3f2056f8e888edc5abfa18178fc0b3ef99880c9c410e2c7d6a64386fb57da

SHA512
0bb582a9a02cbd29c007e9cfed9dabe53ef087814c7aa8195c82d4b15302f95408a15710a3f83a970c35db26f77a9a34549d6906a7440fa7d0127aeca9bc8efc

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\libgpg-error-0.dll

Filesize
56KB

MD5
40f2b954259ff75979920fa7546c89f0

SHA1
c93f6bc6c7f68dd02dcf66c57a71fcf8ddbc35e5

SHA256
460960b7a0a0f5f0a40b33203a46e840ad01e260afb4540ecd4e6c779d5b041b

SHA512
d992ddd9271422914335de85f0cb6991f4389f7e2c9a8b4606c435dc30ceee31671d725efa4da397502551d1b45f826692d486612afe435a51d30b13dacd295d

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\libgstapp-1.0-0.dll

Filesize
70KB

MD5
613283ce438722cc027b2f0cafc910d7

SHA1
06d1f1b97a1041a58d55d6ee227df887511041a5

SHA256
d953e18d73af16d5b0e2ebc79cbb6f85871dd5cd4ebd45a5b1d54f50aabaad3e

SHA512
44897bbba77779a0dcaaabb8b91fc6338320b86a88b10132a1841d35d1605118fc7ffe66b1bea18813e40b0ee5bfb8942b831c5e52dfb767a2572c204a071112

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\libgstcontroller-1.0-0.dll

Filesize
83KB

MD5
6ba630b7efb75e1a7bd1dde921269caf

SHA1
747a70f6aa881371987d17c777a8ac2f9acd97df

SHA256
469082f964fedd6014cf97de7c30f85d471e6c41248a48a8870657e330d7e36c

SHA512
f401adb86f6cb3bdebff0c6310a2ae7c0b2e59bdfb9ec3c8008a941ae22dea3ee4d39ecb6d7c7331a8dedc96e03a8c1c70ac14dca5c183d509f253755fdfa376

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\libgstfft-1.0-0.dll

Filesize
66KB

MD5
29f7aab4e7367014db45f866ab052327

SHA1
f2bc284d7acbef09fea7136b9156ed79289059f7

SHA256
2204684f02ae5185deaa3704ed8355a737018cae320e68e3209311d1f2506237

SHA512
46917b7c58e46dcaaa7f9740bc65c7323fe4a999ce35d3c670c7b8dcb205be2667a7a5d21dfee8f32f42a1ee41f6118df896d02a96ad85a0b0f88c3b79b87143

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\libgstriff-1.0-0.dll

Filesize
84KB

MD5
893c149773bff81b55530820207c73f0

SHA1
46c6b5f00b463d31140a0b9972d4bc2b04ba0d0a

SHA256
83f074dbacf3d3dc4c7d5646d056359bb7cb29dcd1a2d109cd07ee21dbdb42af

SHA512
33f1f08051632756396ee906bcb7285726484eba1d8c67ecf884a42f824261d9b73ba0bca52eb8a7d68e7544d79c6feea2c98a46c1e0e2ce98e3bbdc3b6b63ea

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\libgstsdp-1.0-0.dll

Filesize
77KB

MD5
8b89a31d5d3f3173f5e3bb9118d04a7e

SHA1
b9829c7df23d7190928041753e2e07069c7abfee

SHA256
c5616071d5d2e858bf26cea64bcda17b6c494b1507ea96a17816811c6071e4a8

SHA512
67ed465d0af1e933dee09c95a3e5945cb33308f0de21182128f9d19c5ae85ed048b5cef685b322a6ba4c33830f5844a5eed507b3475017a845391305d872ff12

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\libmms-0.dll

Filesize
69KB

MD5
bc738da6535b5015e9eaba90f56f8b59

SHA1
ce7c7865645a09dcf59daf519bade328ddf04b67

SHA256
4eea44b0b4ea4c248595bb1e573334005ec538792e3bb9d2a07ee01265443327

SHA512
fd2a5c1eb9c5fe4bd2fd87ef912297f463cb623e12d5e9ccf8cc7fccb39858765e289f4a9102fc02f68b0845048abb1390dd32afe2329b143ed331f678c4792b

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\libmpg2.0.dll

Filesize
1.5MB

MD5
6551d89b33aafabcabb590a8b0816bf7

SHA1
7d3d1d26f60f3b9ca2aa51f0637ab55ec8d4a238

SHA256
a27230af63fa2f4c28794242cc11cebf83aac5b066e2df0688008b58ba345c3b

SHA512
f89055da238b728c3662aeeb7080af261a406e6316ed81e81cf35aadd63f8ff9828aa92fa74f715210f883000201292a29e29ddcc2d27f3b2d4f9c46f52f1fcc

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\liborc-test-0.4-0.dll

Filesize
51KB

MD5
00d68e20169f763376095705c1520c4f

SHA1
75ec5e1974654613c9eeeff047f1eb58694fd656

SHA256
3c12f0a9f43cf88d82f5cc482627237f51a63a293ef95f2342222ebde1fb909f

SHA512
4e180a8ce0e30cfc82883d05d8708fe82442541a4c522055d00f381bf47a0a4f269bc1f5e1ebbfec888edbe455ce145e24cb4c734e682e830322e13479a62c34

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\libplist.dll

Filesize
62KB

MD5
49055810fcc813a8e1bde0a64233f06f

SHA1
70f9b4f9668cede76b785dd3a1d54146b7f8f68a

SHA256
d1111915f3e27ef605141a56cc5bedea25684ed44784de1213e99f5fe9e5a41e

SHA512
7fca8d488bc30385011aeac999943a7bc6ba9e2e15ce83d8ccb77ae72a7c0af1391d6f7a8966443c31f83c54c10a67722d976e7d69f0d442234264c8856a5c50

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\97C955F\printsupport\windowsprintersupport.dll

Filesize
42KB

MD5
8d36003e2fb841f5c0db3447929a5d36

SHA1
5339a42b92d7241182602c2723f40dfda7a450f7

SHA256
9b4ee49db46e1bb1bd6d916163947e242ac011b56b6c1d81d2fb926ce5a21a0c

SHA512
521ba4d31e70789071ea4dfee0e241f43d3928e00eb7237134e665b60ebb98072ed40d2c82b5f7a709743df1d15bf8a8ac7da6cd39eefd81de022cb943f7ec72

Download Submit
C:\Users\Admin\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management 1.7.3.2\install\decoder.dll

Filesize
202KB

MD5
831e0b597db11a6eb6f3f797105f7be8

SHA1
d89154670218f9fba4515b0c1c634ae0900ca6d4

SHA256
e3404d4af16702a67dcaa4da4c5a8776ef350343b179ae6e7f2d347e7e1d1fb7

SHA512
e5e71a62c937e7d1c2cf7698bc80fa42732ddd82735ba0ccaee28aee7a7ea7b2132650dfd2c483eb6fb93f447b59643e1a3d6d077a50f0cd42b6f3fc78c1ad8f

Download Submit
C:\Windows\Installer\MSIE66D.tmp

Filesize
569KB

MD5
0be7cdee6c5103c740539d18a94acbd0

SHA1
a364c342ff150f69b471b922c0d065630a0989bb

SHA256
41abe8eb54a1910e6fc97fcea4de37a67058b7527badae8f39fba3788c46de14

SHA512
f96ef5458fdc985501e0dca9cac3c912b3f2308be29eb8e6a305a3b02a3c61b129c4db2c98980b32fd01779566fa5173b2d841755d3cb30885e2f130e4ad6e2c

Download Submit
memory/4540-283-0x0000000000DC0000-0x000000000148B000-memory.dmp

Filesize
6.8MB

Download