Overview

overview

7

Static

static

3

EasyBCD2.4 (1).exe

windows7-x64

7

EasyBCD2.4 (1).exe

windows10-2004-x64

7

$0/The Neo...es.url

windows7-x64

1

$0/The Neo...es.url

windows10-2004-x64

1

$PLUGINSDIR/INetC.dll

windows7-x64

3

$PLUGINSDIR/INetC.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

EasyBCD.exe

windows7-x64

1

EasyBCD.exe

windows10-2004-x64

1

NeoSmart.L...on.dll

windows7-x64

1

NeoSmart.L...on.dll

windows10-2004-x64

1

Newtonsoft.Json.dll

windows7-x64

1

Newtonsoft.Json.dll

windows10-2004-x64

1

bin/BootGrabber.exe

windows7-x64

3

bin/BootGrabber.exe

windows10-2004-x64

3

bin/NST Do...er.exe

windows7-x64

1

bin/NST Do...er.exe

windows10-2004-x64

1

bin/NetTest.exe

windows7-x64

3

bin/NetTest.exe

windows10-2004-x64

3

bin/UtfRedirect.exe

windows7-x64

1

bin/UtfRedirect.exe

windows10-2004-x64

3

bin/bcdboot.exe

windows10-2004-x64

3

bin/bcdedit.exe

windows7-x64

3

bin/bcdedit.exe

windows10-2004-x64

3

bin/bootsect.exe

windows7-x64

3

bin/bootsect.exe

windows10-2004-x64

3

bin/udefra...el.dll

windows7-x64

3

Analysis

  • max time kernel
    49s
  • max time network
    22s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    02/08/2024, 22:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    EasyBCD2.4 (1).exe

  • Size

    2.2MB

  • MD5

    2e06476ebe1137f543ee7176d34716e7

  • SHA1

    6eaa6aa0e829ce8af54213f6de77e748c4388e23

  • SHA256

    0a94a43af2db7bdbada87b34bf03d3b221110d1ca21bbebec55b08767c1281cc

  • SHA512

    4f038b1bab87a9c552672a69d2122800e5f6809c6230c2cea4f14000d0c8555393621af0e4e85ef9471a6527d9458a6315576aab9de10058b3c320549f9d0c1e

  • SSDEEP

    49152:vHQLkhcj2sy/yOnZMS3NTQDxX7Cc8kRD7zei:vwLKcjW/yGMoN+Obk1zD

Score
7/10
discoveryevasiontrojan

Malware Config

Signatures

  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 5 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 4 IoCs
    evasionspywaretrojan
  • Suspicious use of AdjustPrivilegeToken 54 IoCs
  • Suspicious use of WriteProcessMemory 34 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\EasyBCD2.4 (1).exe
    "C:\Users\Admin\AppData\Local\Temp\EasyBCD2.4 (1).exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1596
    • C:\Windows\SysWOW64\taskkill.exe
      "C:\Windows\System32\taskkill.exe" /f /im easybcd.exe
      2⤵
      • System Location Discovery: System Language Discovery
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2676
    • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\EasyBCD.exe
      "C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\EasyBCD.exe"
      2⤵
      • Executes dropped EXE
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      • Modifies system certificate store
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1932
      • C:\Windows\System32\msfeedssync.exe
        "C:\Windows\System32\msfeedssync.exe" forcesync
        3⤵
        • Modifies Internet Explorer settings
        PID:316
      • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\bin\bootgrabber.exe
        "C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\bin\bootgrabber.exe" /tlist
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1804
      • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\bin\UtfRedirect.exe
        "C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\bin\UtfRedirect.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3048
        • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\bin\bcdedit.exe
          "C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\bin\bcdedit.exe" /enum all
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:1968
      • C:\Windows\system32\msfeedssync.exe
        msfeedssync.exe sync
        3⤵
        • Modifies Internet Explorer settings
        PID:2604
      • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\bin\UtfRedirect.exe
        "C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\bin\UtfRedirect.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1616
        • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\bin\bcdedit.exe
          "C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\bin\bcdedit.exe" /export "C:\Users\Admin\Documents\EasyBCD Backup (2024-08-02).bcd"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:1740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\EasyBCD.exe.config
    Filesize

    330B

    MD5

    3379ac7243adcfa51a02295dbedc956a

    SHA1

    469bbae4b1844832809196c89f198029beef4af8

    SHA256

    7ec2512b59e62a3aeb0a1025bf152a31291e17e7e469ce18efae153064665b03

    SHA512

    08d7101b21b87e11aff79cd8b47ec3ba2878cf72406e4d59771531ce6098609f8340607cd8b9ae0721c56f8fba5927c93f0412f0042879f04f2cd223d82430a4

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\NeoSmart.Localization.dll
    Filesize

    25KB

    MD5

    ad0a59ae87d4ba106e965c62f0bc3d88

    SHA1

    5b39b6fd95b5bee72a17d79a1f4958256a5c4149

    SHA256

    3a56005b2efb34620019ef432fe90eeb63726fc78b37be841f25c2aed82eb1db

    SHA512

    562b2cbd3fdbbb71dee9fdb68bd24b9bbf27beab93de338a616baec837910f31ad3b13d75564d45a1cca26e1150517b47d0b3984bae7d08675593bde22bbea98

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\Newtonsoft.Json.dll
    Filesize

    472KB

    MD5

    0953851089821550ef013b487da3915a

    SHA1

    7b4dfb7d547404fb6f3cc561d9475209aa2c6172

    SHA256

    4a56ef352f84ad19c1b4486c7c9e64fef9a67c464c62e51bababa79cd2d89551

    SHA512

    4a41a97527604042e1d28e2869aac1dea79da372ffc7e211415e45e4212a853971731cf4fc9595d81c4f4b824f8e7441c2ad6f2641d053cd783b264c83c29e86

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\bin\BootGrabber.exe
    Filesize

    183KB

    MD5

    2e12b37d32c8bcf8920f5ebb6d24a6b9

    SHA1

    7fcd9e4ebfa2c400d6340133440c087e56a3c9e6

    SHA256

    f9842333f0b562b4ab5349a09fc173b0b2971c1f600502c4284781c78a735d7e

    SHA512

    aa82f1ed984174a1b5a610eb28a422da6172dd027678d9d4b7a9714e85e050616403ad294a005ad1ab39032758a4d2fd8d498b1241dedda8c91698ffc7d3c527

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\bin\UtfRedirect.exe
    Filesize

    189KB

    MD5

    5b40791899fa37507e7c08bc3d9f5294

    SHA1

    cb98852ec22251b5124507427d05b3dfe7ec53a7

    SHA256

    5a87d9485f6e13ee2c3ba4ac289a3e237d17a43ed428b8a5bd5f00fc4800d1ac

    SHA512

    d2c0de00943d7e9961571a8e798688e46a8e7267086e15abaae8abca0fa7aedd02d5df3c5eb3dc6cfab0c5982694129bf5b9c0cb5d8e978fec0d76d54e441390

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\bin\bcdedit.exe
    Filesize

    317KB

    MD5

    a60cbaea0f8ac802d21c0cc7bc2589be

    SHA1

    f4c1f4b7f340968ba9c360f3fc1ef783a8bc7b2a

    SHA256

    8bf1b71182fed18d6b4112bdc4d496800b5bf6681de4c4f6536ba67378f38a12

    SHA512

    24ab704e214758b9318a333bb3a466a05e4218fbef70752b266d782e5fe89de19db8e5d5a584245fcc6aaf32ea99a0764583b3cc56299e99a2b7cf6ec42c2ccb

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\ar\properties.xml
    Filesize

    186B

    MD5

    89159f29003c36dd7da4161c42606347

    SHA1

    a448050ecdedeefa12c6032b3792a3369d30043b

    SHA256

    2a205ea793f84bac49dc3549c87f606591b44a283d49aae70c69eb646b3ee6ca

    SHA512

    e77d668184175639b0d201e23a9c5b1d763ace339b2bf8ac614c0dc35775dff813a7e89a805c1f98766eb9714f2fc02a156c9dede59240cdb9e20f1254f7a2ea

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\bg\properties.xml
    Filesize

    199B

    MD5

    9ccb633ed2044b5b67261312a0a3c056

    SHA1

    bb248410b363f746ae0f89115a9d512b9e98c1c6

    SHA256

    38370820738b34c81dcfa498434eb54ed7ed10505373ecb0edd94fc4f2f0d6b7

    SHA512

    9c36312b83eeb13138dd7b1149891c7d89eaa8acb8679ee64ebb2c2dd6522acdaa324908752cc142230a2b4e6039cadc06d676e7e5f35a9b867dc96805cae1c3

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\ca\properties.xml
    Filesize

    180B

    MD5

    a714b71a9f9690f25fec26951c951232

    SHA1

    e2a79fdc13419e137491664e0acc1d86a26da767

    SHA256

    afcdcd139142fba46181c44816b445fb91e4533428e2b72b0ede4374339f66d8

    SHA512

    8f4d255987bd5923ae06f3d1d29c11c2a18a210cf534565d9b007b6c3b7b720f759c41314be569a03611d50ac6749c88f86bb0250d6352d7b6130992e531e8e4

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\cs\properties.xml
    Filesize

    189B

    MD5

    1c7cfba3f2a05a270627e03f25cb3e1a

    SHA1

    9a93327622db15072e118473a64bb9cc3ff11a4e

    SHA256

    b6e322d269da30367d4d77d70c875b8464c95088198fe2ada099aa6022fc4fa8

    SHA512

    9d400661ece761212186f65483533326591c815067c97f6df63ac5965002b166dd552f7b39c4da45a73b5d5a91c2e575525470404302e4c8a9cf0d89bb4dc24b

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\de\properties.xml
    Filesize

    180B

    MD5

    a58b4498c7db23672183262ce985ddd8

    SHA1

    59de71ea9d33f527478d80e6b601c4d2862d7451

    SHA256

    13a47f469be7b0b173ba78b874f17a2230281f4768431407670b5cfb06516a2a

    SHA512

    81953e927188ce06230af4ebb3b031e2661aefa3da6d3d49f5c3e8d6c6bc39fe1cbbcd818f330fec2ec29e4edea0aaa7ed72b7c04d0cc8dd78c3626896323b2b

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\el\properties.xml
    Filesize

    189B

    MD5

    81801a5b8c97d1dd05b2459856c81f67

    SHA1

    d7be95901b44e5314b596551650b41576f390c67

    SHA256

    aea9feaa58af7d1bf8ca98ed578ad36201eec5f7600b74eb7b04e832ad312be9

    SHA512

    73fef24de419b5a5df7fe852a4ae4e71686129e1fa16ed61747a77ce89d60cee884707d82d5c38ad817253db1fd7aeaf50d76e89a6774ed1071ad77aae2648ce

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\en-US\AboutBox.xml
    Filesize

    1KB

    MD5

    57c22bc804349d6b4c292e5e6fac5883

    SHA1

    4fbf2329b8db7273c2cac2159ef7e021abfc7d02

    SHA256

    d1e45ca02de4d82c4abf4200487a3f9b759239cbc671b8f17fb21969b1c1ad6b

    SHA512

    b7edc55696746049c59d29d3af3cf029b3e9f21c1ad0024ed5421ee32f55d2a9f4d713a272e8a8b2ea359fa649e4451be911037a6e84dbb7ba3e3fcbad04ac5a

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\en-US\BcdLibrary.xml
    Filesize

    2KB

    MD5

    9b4be1d3d51da52e41e2a21fec4c97fd

    SHA1

    df4b2426d3f96e2ca9d59b3de0c98718990be442

    SHA256

    5b94b2efbf3ca74dc78dcf49c6c521cd6ff823d5ad238226a400e5e5a8e4b0fc

    SHA512

    6e8fdf99a0998253aa8a6e45dea72cdb07065d914d79847344a6527635fdb103d8bf5be1500c49927e2569f815ada88494e8725cf2102a384110f8c6b8d8a3f8

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\en-US\DefragDialog.xml
    Filesize

    329B

    MD5

    314b52187045ec5cb47d3270286cf1a8

    SHA1

    354e0faca02392bb1e3bc188127fa39dbf81e95b

    SHA256

    19a4765488f7574ff0fe54ee538df47968b3614f716369e2874a31735c007620

    SHA512

    768173d405d0e6d271216fe81e856a3f3bd9af830d4a96721cb8098dccac49ceb7c532afb8baa1d74ca5f951b8f02b3e0aeac83a1ab0ff790c9ded6eb8ed5b07

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\en-US\DonationDialog.xml
    Filesize

    1KB

    MD5

    96d0729ab37766f2a749d6fb4f594936

    SHA1

    4d6239e47562df05b45f5b9e38a111317b623f1b

    SHA256

    7ebf9f1dce431c3ecc61f398751338517b2b6f7bac9a289f6232e26c663dc391

    SHA512

    bb3736acc931f5f99879c81cd8640e6f35815cce9becf666e14e706bcef57eac611efa1b850919c1fc4a4ca47d93e52a2b5eba1d32cc2fe55be792bf2e57389e

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\en-US\DriveSelect.xml
    Filesize

    997B

    MD5

    e2fdc84096a9b2e5a9927070021c48de

    SHA1

    11d1ef6208b3ece6f3f280efd1ae2b55f55d1c82

    SHA256

    2f5186a8f12d42176de86d4962b5dbb6ddd9071d2f5d1cdc51eb2f124c6a50ac

    SHA512

    2bad387cccb4938b91272ef495dad91a7fdaee327d69959075217f00ecd3d11e9a9feca68c3c47957dd50d02049aefebedc8e9a8628a02643e0c753f9406cf09

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\en-US\EasyBCD.xml
    Filesize

    18KB

    MD5

    6d85acdb10090c82a8ef6587c9dbb7c9

    SHA1

    4154908d0a05d93531eab09853c2053455456754

    SHA256

    a941b2c1fdd614e5145161aadb56c0f5dae4836bfd6b29018bf6d5fb99280aac

    SHA512

    dc261dfe778240913775389c687159e86d3ec1bcc3f8593ce76145c2b9185fa52e75fb8dbdd255085e313e8f860c25c578b1967c8d8cfe82b57fa8246bbd5527

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\en-US\EasyRE.xml
    Filesize

    1KB

    MD5

    c33d9d4eae1c16fb973a1ff94dc759f2

    SHA1

    baa4871b1222c4ee140589d024af321ae9b3f11c

    SHA256

    daed6dc83fb3c08023cce6728b7c60b30174a00fdea7f97af65d04c34c5880a5

    SHA512

    ae492299285e085d00c6eeaf8d2c3971183267c8e223384349f7fc92616645bf34882ff3675a6baab0d451778cddfca11224df4ca695d46d3fb4dd3139f24485

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\en-US\LanguageDialog.xml
    Filesize

    399B

    MD5

    928d365e6227dd6858ed623b28e21158

    SHA1

    85305451574575ab97141cf844c5ebcb60a6895b

    SHA256

    96c6c5effb537c5fdb8b3b8f907fef21bdb3eeaee6a4c6ff12f064bef342d209

    SHA512

    7d092bc0dfe2bedb7fb84e7ab56500bfb143c15b2baacbd001e06c6d36d43fe216ee5e68a8e328a64f5668be319dcf6b8e8b448b50953305ebeead7c05727295

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\en-US\LicenseDialog.xml
    Filesize

    1KB

    MD5

    0fee3c196f488b5e0628989fda34c0df

    SHA1

    c41d95d996896769a6a745eac25802089b9963d8

    SHA256

    33f23516c1853a17e41edc603d860b8ead64cb1bdb9c27925629282166a539d2

    SHA512

    829b1948407d92036aee161d410606e79c23c7c477d874119c849bcb2004a44beff74f5cae881686e286e28dd134f85ad9b44a73e6adad61f6126ab52315f1d3

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\en-US\MainUI.xml
    Filesize

    12KB

    MD5

    e9f36537dfe6333eb2affc5fd010e290

    SHA1

    8eb2c560ec375830b3b699c65b8b9b8c68fe9014

    SHA256

    eedfe23ab06b57b87774a19b5e4b8b5d7d59169b1a978197a28ffb7b7d46399b

    SHA512

    213b7fc186b8bc9400bd6bb78c97a4ac23279d33317ca684e076706ab3ed5801cc6830f7cdafb018e0a5e1fe42a36c73cbc55162fddc3a5de988cc733ff96241

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\en-US\OptionsDialog.xml
    Filesize

    2KB

    MD5

    2175b75eec134dd2beae5c64465835af

    SHA1

    8b20b04f63fd4b5fd35b1c6e0500bfd741ebd85f

    SHA256

    299f7cc883e64e72b093a8be83da0627d8fc87206d8b0f6a360200e8f9d85823

    SHA512

    95fa08e628b5b3ed5fd415e2e83e01c9956da18b37efe5c9f9e9a5874c1730df1177ed5cd01481105a33da77fd6e8601a57f36dad4a57b7bce6e1b85211e7819

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\en-US\ProgressDialog.xml
    Filesize

    360B

    MD5

    b71bcfcd26da542cdc999461273a5f8d

    SHA1

    8ead413c2af8e562439d2493f53ea2213b408780

    SHA256

    787fae5a46c80688d65ef3ae0d238af468636747e1e80f48283ca22a8b46bb1c

    SHA512

    135a1e12390601acaf7b3fe283f8d80856bffb031077939c998b7049d1d56855c374cec7b268e1061063494411aba646dcac725a01a02d7e4913fc5cbe2631cc

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\en-US\SdiMaker.xml
    Filesize

    782B

    MD5

    44e86fb9d4f0143d20c4bcebfd3a6a0b

    SHA1

    64b034817dec4764e3d03fb15df7e4187dbf3eb6

    SHA256

    a69e3291bdca335d32871d8615f1bb9e47e7132c157f87514d3843f07b29f86a

    SHA512

    08d6412a9a054da5f9d16d89015860efd099ee22510c73b7e1e49fee1433ddda7f7af7840262e421bb0fe595b9a6fa04f0d088fcf5506a254c0fdb10861c26db

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\en-US\properties.xml
    Filesize

    180B

    MD5

    b15bdc1412728c5baaef79cc09e73555

    SHA1

    998c68baee96c3d34035a3b63b49ba58203d3aff

    SHA256

    b8a414bfd8078839d7fc94ab64b63f03f75aa71016fe021a48fe6b3be3173126

    SHA512

    fd211b0517fb09075306a65eab59a195a0b41172e6fda1ea072dc8b240747c70068b993a76085f5a6f9f29c87df58f50b3eb140740ce8dc0f1c467c590d48d7d

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\es\properties.xml
    Filesize

    181B

    MD5

    24980c9236c762569fac2f3ffc3a3e10

    SHA1

    d8380bc3d26130309ad00f1cd9a0244e4243dc80

    SHA256

    05f9e3c442d844db5f7670face7491ba06ea36ca39dcf9399f3523b73533da4c

    SHA512

    ee99c87f1dbbd89c4df0d8976114219fabb9e3c784c5a8c55f7069a756ea1b9bab2ce30cb84258ed5abb5fc7283797266ca12b6b13f8fe7cbfbb2045ecaea22f

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\fi\properties.xml
    Filesize

    180B

    MD5

    151a76df53f9522669ad3711b2f98dbf

    SHA1

    3dc70444f61648e36b014fbf2e8d1e5d9b052bfc

    SHA256

    65ec459523f97c31239e707368f47485ffaccede48869e2545e8886d7ba93a63

    SHA512

    772e0c04f0678cc175d137d6a1e3cc65d64683d0717a81da192017f2da601e5f15d142c373704fc8a2e819e3694794e3b1927c6f2798210cef6429492bca4118

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\fr\properties.xml
    Filesize

    182B

    MD5

    01c5765fff28df5ab1e619fdbdb1536f

    SHA1

    73b95005f7516ba228c3c6112261fc42d219cc10

    SHA256

    c42345da25d4e1061d982c5dea87addfbc23d3a74cd6330b3e1070638c23c842

    SHA512

    6cc17f8d0b941990846e209731da095261358092c53c9fb2b5db3519678e50e62d161672a14fe45c222c8620a46f8d4cf384754c63adf6319192bc22b13f6a0d

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\he\properties.xml
    Filesize

    183B

    MD5

    e3030ba887f98057e14cf750db78ec61

    SHA1

    840fc0afbef4990e7f3bcc3e3ad73ff08128dcd9

    SHA256

    dcc2e94794400a30c8d7b1b9972b678e1d212d2450678c2c66de44753f2d1634

    SHA512

    fda37f0222270518f84a2aa6a09924f01c6554bfd4e6032f0a1e2602e1ee8c9184d38a208c5768720c8cb2f238e51f6dabefcbcc7e72e24e0c56173fd4e4cafc

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\hu\properties.xml
    Filesize

    179B

    MD5

    e98525bc3765790290ab0e4391dd734a

    SHA1

    74d0a72056371ec81d839c3923202cbac284965e

    SHA256

    5549bb91cb211155de224687f457928f462ab1b33bc25a2a9a47c8ceac5045d3

    SHA512

    78e13fe2b0f881fd090a596cae897c02dca3b3cfc454ad7e2d284fd6b3d8365a59024ae542bafa5e79a227bf87454531d7a49a51ac8a0fd8b7b204a6b6db9eb8

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\it\properties.xml
    Filesize

    181B

    MD5

    80618ee927d60e0c76a6f26cd23ef2bc

    SHA1

    664e69598d96364dd736fa460035b3a585aa79cb

    SHA256

    8b68ee5de07ff96e991d40f69a0e3e0b0ed6d557de05702f46c9cda5652706e4

    SHA512

    19c2bfedd675650dfd0666af6a1dac051d0163fb8cee1abfa76700669aa44fb1c31e98b70238413c8fe95cfd181e6f3cd610bbbce7f03d139863ceb19632c7dd

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\ko\properties.xml
    Filesize

    182B

    MD5

    4ca82ba76ba620eaefa73b9a9804debe

    SHA1

    c1f355034abde7c3d625a15c031abb6834f6fc43

    SHA256

    3f4baf5ac2c342d5df9dbfa00000a60e82e1d557e70501235b9b292e14f5a53f

    SHA512

    f52c914d21dcf555542467769c77eeab25a1650006ba8edd5bdbfcc3563a01f09610ce5d5077c8542501c04947b98c5ddb42ae0414974d8a278d323aa1a453df

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\pl\properties.xml
    Filesize

    179B

    MD5

    d49fe9bc96a4190c531633ce38f830a9

    SHA1

    0968278da799e430cdf39814bcc09d074b5475ce

    SHA256

    2ea52f03f10ae2deb4cc8ea670748300db8debf155539c87f5de2fb540d93541

    SHA512

    d7ad430077e836a1c35c9335dde053fff4b246defbe44a5740c22c9bd5b4a97cb1a2503b8b5f7e3376fcfdb2253de4f42d27589db429673abc4c5a89551d7ce4

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\pt\properties.xml
    Filesize

    183B

    MD5

    0cc787cfef9cee9e59e00fd7723487f2

    SHA1

    3e8c0dd6ad350ef35caeb6c70d7e220fd465a88d

    SHA256

    4c374df5b2d7aaa9d62c36d5f40fd4ceca4787b1e17e8cf3715c1fb8c950d71f

    SHA512

    42069b75ecf3e93b98431eff20056dadab3ba9b14f3bf3d8d78d4605cf4c23775691016efe21b362dd4233fe850adbb06cc8e69a2f36debd4ee42e2c5dcf10a9

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\ru\properties.xml
    Filesize

    187B

    MD5

    441992f49ab7ffa73f826383ec6b420e

    SHA1

    cb5de3ad4a2a4f1d469f90efa926083a8fb5bdd2

    SHA256

    def731ab68cff2081d712527e9e0068259c19e974001e38072c46a18a90b5b9d

    SHA512

    c970d0569a5dd85ceb71cd25bad8eb1482a4d1bcb1f5de7d2fdba36027ab419c3f604c5a7dd894c48fb230f8e1a843ef9f21fae6beffb1fab1afb7e000d50e24

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\sl\properties.xml
    Filesize

    186B

    MD5

    fce9ea94a832172cdd5b1bf4d229bb5e

    SHA1

    939b6494ac39d4e8b0880c4ae9e75b85b63576df

    SHA256

    a21d44c9ea6e1c7f0aeb5884cac269d84b1d4fea74ea03638ed043f8b053e3fb

    SHA512

    585ce0b0f7f896ced05733645abc87ed1ec8c3d899c59c46fe2f7227c4cfde59aba7587507b1d7491105673436f4994a0d274a6a644adcb67da17c5da77e135d

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\sv\properties.xml
    Filesize

    180B

    MD5

    acff5cad408f70cfde6d7d98e82f42f4

    SHA1

    cdccd36d5e49336403e72b5e29f87251abc417da

    SHA256

    b1a2ef6faf673812709518e03c448e8ddd7f3da0504c9e26c075d1704a4c4057

    SHA512

    c2bcafa07389060fcbe7dc345fceb0c58b09589096767761729f098ead73607013b8e784f602fbae687ef8bfdd0b5a6833fb9c253e19c2f5a234dcae0b6a1d53

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\tr\properties.xml
    Filesize

    181B

    MD5

    3d561daea9e95bf5dea3b1c4859caabf

    SHA1

    c2c7cb9ef61b6f5fb1d30b41cbc2ac28086ceb96

    SHA256

    6b79fc383b5518f761672986399438e7c5f5ea88a7509beea48b456e5b4ba287

    SHA512

    9fb4a896f5423d977703128096939750f09be4ead4f5b39bba8bd59f92b0f803aa5e024e03e64e481792ae878233d90225633eab77e7fe385a2eb3361e2e761b

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\uk\properties.xml
    Filesize

    193B

    MD5

    d36e2e6f03dcaefe8a6c7ee084d3d3a0

    SHA1

    cf893e29e83e49200b69d03e754bd49366fc8cd3

    SHA256

    96d05ab2b19e19ef3ac8651d0d61cf05fa3a2c8b36712ad83a855800d244dce4

    SHA512

    e92b9716aa752d18d97292a78ee54c59f9c720cf85a4a07f5ebc137fc1542e918de473761f201ace87fdf55efe1d05bf1391cb91df0298cb873f08efa330aa41

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\zh-CHS\properties.xml
    Filesize

    185B

    MD5

    ffc617abbb2838282325b8cecf00e7bd

    SHA1

    2976b8271ab71c1de06989486e5280cf20b9ff44

    SHA256

    dbddd1a41b4ac590de941b70e19073078c23d8bed87bdeddca3d9e2f47036483

    SHA512

    f493f2b31b3ed6699555dc7141f53ab9e0fb6b50bfa8df639319cc39c100289b67d3add0232f48a4e75304e79660ff131464789fa8a9c73a42060ab4964f4a9f

    Download Submit

  • C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\lang\zh-TW\properties.xml
    Filesize

    185B

    MD5

    6fa77b1b9788e6082e94bf3a6fa968a2

    SHA1

    93be8a41de48defafe11ec195817ae43f6979166

    SHA256

    5a58a498e3c6e34cb068382c93f7fdd4d95ca89af565016be54d648f9bab86d3

    SHA512

    0a460bdd4b352e1850400989731715c3c7fdef6dcc11d3a324a564c0ed690b99f654e0660178c29e28aeb8e1c4762d275a482329f71e6e4e483ddd9c27be4cf9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7808bcff0e2237306b0da580002b99e8

    SHA1

    ea84b6bdce493178c35baea116f340e7da15a987

    SHA256

    7547b48d70812387ad1d69c1f049432b7c9f70ace211397c72e879ce951df596

    SHA512

    cc2b785a1ece7052e59a4b9b093aca888ded0d0e6524f7afa46109d204af978890c25f4a4ad9cb8ae624f9758b1f30fb09a2d1705428e101314f70f2bc9d3f34

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd4f085a1467b074bb57c442ebf9fc12

    SHA1

    82acca7670cd086ce9f0e136516fa9adb38ac1a1

    SHA256

    87395bf9d3694b3ac51bac22c652ba7113c454dc95db4fa14b9ca18df6f91bfd

    SHA512

    20abf2fcb4b488e69751dca6ffde3dec0157235d9f3a38bad54336781ae82315c7a04e13d65a5f7fbf0ff04d3de5044f500c09468fbd875647a70e56a41d80f3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
    Filesize

    9KB

    MD5

    24d8840264948564cb746976133e38a6

    SHA1

    cfef1b4328f905da6eaa03565a12f4f9ec45869a

    SHA256

    d5ca8bd13faf3cb45070a3cd74400d70a9c26621ff1b0b1a78bef464bec39b96

    SHA512

    404f96db027efb254e5412a57f71d79a74d405898869c3627e70927bfc558b5a31e168fd4add36cb0f819fd7e68306762b4b17c2aa56724e064b8147d249fa8c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
    Filesize

    7KB

    MD5

    8fdb379e8d88913d99c1880077b8e9b3

    SHA1

    9136e16b1df36464f81464240f13a1c520f82419

    SHA256

    0391b4d2aac252c055785d5f477f877f90407d3d891dafc1cf89f56308fef7fd

    SHA512

    4cab1bc34166de719653502eee2d46c915f3fd7a80a3c3b512ac399c7666d2915a2549083c7630c9e442c84ef54617c263e52638b8e298adeacc1ca6834c383a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
    Filesize

    7KB

    MD5

    6abc47d26dfe83f50d5020ebc704f5ae

    SHA1

    53f836a8786257b0c99586e8c782d492cc80d91f

    SHA256

    b1e26e9153a50121070e01c4f76c503a7d45853de09b1f87fdba93805ceba417

    SHA512

    fb6d676754efdac3933de0de03ed57cb0461bb1b0a72040e8fa607986057bc64cdfddff3a2b50d5255505a0e4c2016de6e47ab00809ef99faf5c01209cd17ff7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
    Filesize

    7KB

    MD5

    65472f9ec1f103cd14c69ecf57f3f533

    SHA1

    8ad71a7591bbed68d73733cac52b00ecaecddcc6

    SHA256

    f7c9a41c4d27d36e183aa6f5285c141525b64f23b8190d7c2c864a3ed8364d65

    SHA512

    be85c8640ee0099e51d922488ca9cae56f33a365d4dd016dda9c4bb412071c3adf0ba34e918dea7bc77a8d07dbba0534e0555efdda43409b67ebe5e50a41d07a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms
    Filesize

    28KB

    MD5

    94c86ab7235ecfbfa03968871069cc2c

    SHA1

    2e6e3b3e49ff8575ba4c830fb441f0766909ae0b

    SHA256

    94b873181cbeafcf8ca1ed6d2e8adc93b79a61c90da10d02289980edff14c95e

    SHA512

    601d6d276a7ec5c841c0a4c0954dcfa8388cdfa32040a57a16a62c9e7922b5939b57e8bccaeffbb1c02c33d0c844443d81fb72dbd95dfd4e9c90298ae0483e41

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Feeds\The NeoSmart Files~.feed-ms
    Filesize

    368KB

    MD5

    4c341b51c4daceacb105eaba6c6055be

    SHA1

    eb351da1cf5c78a3eba4bbc91640108ab2bdcf52

    SHA256

    2d054bba44ef8802a1786a0ec997e066f78d6089c2b69096ae7dc2b27b5a8ea3

    SHA512

    5f9a2674d7faf1616e2a0a72fa8b061c1863d5a0ec91e8ef31c082807977c0ce0dfc74d3aed117cefb12deadc34ffeb27f83fbea164684cdc40eb7a9f65abd1c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab53FC.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar542D.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nso19BA.tmp\ioSpecial.ini
    Filesize

    673B

    MD5

    6356b3c6ebf90f5a59bd9abca6445ceb

    SHA1

    1b506aab5bd447df4368f72dfb78859d67a5a924

    SHA256

    d4f380ca6d7193ad549c29519718de127e02265c2803f767ec4107f50e116004

    SHA512

    deeb6a196d1974607f58f8f57a79c40b8c4da40f67053739691e9ecdd5056828afb3ca56d00c5a7e46218a22d1f4570399a2b0a62963c55938abc473da811791

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nso19BA.tmp\ioSpecial.ini
    Filesize

    712B

    MD5

    bd845283cfaf25692acc99beb5b0dcb8

    SHA1

    462d554d6db23fb9678500f19633b5509b0de4ab

    SHA256

    d8097d03d75f4ec20dcda4f2e5be2af55fa9a99ff8b7fb2b8150663a7901d75d

    SHA512

    334c6edf707db92f015427930a80282b1c1214585865166ff40a1dc9b83b7b522c9e2172f6deef0f6bbe8a730addfc4004dcb51fc5f03c494a1150629a03aee1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nso19BA.tmp\ioSpecial.ini
    Filesize

    633B

    MD5

    e412a531eb44811bdab8404be2768b34

    SHA1

    b3f97f5de156ad7c71dbce722e1035e9c4840286

    SHA256

    6d1ac7faff07078758dcaa6474691bb213feeec1a6c558d55842247d1a4ad617

    SHA512

    97c517ac04c1f18e15df9677b454507805c5a0faab2ed1bb44c7e52ace7f83072971feef7228f722b95af32aff8b539a0b339485c267f9714727b27ff471e343

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nso19BA.tmp\ioSpecial.ini
    Filesize

    633B

    MD5

    aaf7c2941e36072cd8d32c008eab5d39

    SHA1

    20fb10760984ebb0374b38e4217a28c6f12bf08c

    SHA256

    f26dcc42624ae01e4a68242c17e52f932dcf940df40032ac55c851c646c2a75d

    SHA512

    3871f3579a19d15a7f997b8a1673f63957092b99d0cf4ee753831b2eeb9075cba70234aac54097a502bbfd013722f6ea4248809329b39498e4db682d8280bebc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nso19BA.tmp\ioSpecial.ini
    Filesize

    646B

    MD5

    b262b720034e09ef10959863bc962d7d

    SHA1

    bfc035a5ab52f634bbc9c3924fb89660ee432954

    SHA256

    40fc64d33dfc01b59775978dca41d9c210b8b19c14cdf946a5769a9d25d06620

    SHA512

    a11d72dd82fe07087b85ba5dc6ed27bce693f5a8afac1ff0f5989395a10a099f8a1f561154e36c9c73426bc72023d6f5a37963f121b01bc73809966360d0ee52

    Download Submit

  • \Program Files (x86)\NeoSmart Technologies\EasyBCD\EasyBCD.exe
    Filesize

    965KB

    MD5

    e478c92160a3c73c77cdc9f515dfd8b0

    SHA1

    f0fa230f8c26bcbddc3b68f38ce0793d46c0ca2b

    SHA256

    6a6e16c176004128b918ef3f9ecf1d51d828e6099fba6542b5ac6abdb67c1030

    SHA512

    3682b4f5bc31cd056c3f552da657309093e35b4757c073a223385c04765f622ce9ee000fb5dbc950c68ad7913ffdcc831ef65bd5ed7241f6179ea375b17be822

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso19BA.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    8d5a5529462a9ba1ac068ee0502578c7

    SHA1

    875e651e302ce0bfc8893f341cf19171fee25ea5

    SHA256

    e625dcd0188594b1289891b64debddeb5159aca182b83a12675427b320bf7790

    SHA512

    101da2c33f47bd85b8934318e0f0b72f820afc928a2a21e2c7823875e3a0e830f7c67f42b4c2f30596eaa073617790c89700c0d95b7949ec617e52800b61d462

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso19BA.tmp\System.dll
    Filesize

    11KB

    MD5

    b0c77267f13b2f87c084fd86ef51ccfc

    SHA1

    f7543f9e9b4f04386dfbf33c38cbed1bf205afb3

    SHA256

    a0cac4cf4852895619bc7743ebeb89f9e4927ccdb9e66b1bcd92a4136d0f9c77

    SHA512

    f2b57a2eea00f52a3c7080f4b5f2bb85a7a9b9f16d12da8f8ff673824556c62a0f742b72be0fd82a2612a4b6dbd7e0fdc27065212da703c2f7e28d199696f66e

    Download Submit

  • memory/1932-576-0x000000001F270000-0x000000001F280000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1932-710-0x0000000021740000-0x00000000217BC000-memory.dmp

    Filesize

    496KB

    Download

  • memory/1932-531-0x0000000001240000-0x0000000001336000-memory.dmp

    Filesize

    984KB

    Download

  • memory/1932-533-0x00000000003F0000-0x00000000003FC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1932-534-0x0000000000C50000-0x0000000000CC4000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1932-537-0x0000000000B70000-0x0000000000BB4000-memory.dmp

    Filesize

    272KB

    Download