ec665b0f57c52bd4252a301ca4a8cfd4c4c12cebabce060d31ebf310d246203a

Analysis

max time kernel
207s
max time network
210s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
18-09-2024 15:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BDSysLog_i.exe
Size

21.4MB
MD5

67be97f398c4dc80474cda170b8eea69
SHA1

57433f332234fad239a52d8b25b285845fd71560
SHA256

ec665b0f57c52bd4252a301ca4a8cfd4c4c12cebabce060d31ebf310d246203a
SHA512

33c8c74104679e44481389af1691b0e703a8142dcc517d5b9eb5847c5d59daf7b0bbbccb605851dfe4568b9f87e17d5f5d5ba26fcb84f1015a785d9eac2b0b08
SSDEEP

393216:oaV3CouR5exeuMzkJj53E+NFbVQZbV3UyEXnip0ozmiaPiFo7ffjxiyPM3rtixnr:tV3C7R9o5VFbVwbVoXip0U7RFo3nk3Jq

Score

8^/10

discovery evasion lateral_movement persistence privilege_escalation spyware stealer trojan

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

Processes:

bdsyslog.exe

description ioc process

File created C:\Windows\System32\drivers\trufosalt.sys bdsyslog.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

description	ioc	process
File created	C:\Windows\System32\drivers\trufosalt.sys	bdsyslog.exe

Unexpected DNS network traffic destination 18 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes:

description	ioc
Destination IP	81.161.59.115
Destination IP	81.161.59.115
Destination IP	81.161.59.115
Destination IP	81.161.59.115
Destination IP	81.161.59.115
Destination IP	81.161.59.115
Destination IP	81.161.59.115
Destination IP	81.161.59.115
Destination IP	81.161.59.115
Destination IP	81.161.59.115
Destination IP	81.161.59.115
Destination IP	81.161.59.115
Destination IP	81.161.59.115
Destination IP	81.161.59.115
Destination IP	81.161.59.115
Destination IP	81.161.59.115
Destination IP	81.161.59.115
Destination IP	81.161.59.115

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

bdsyslog.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA bdsyslog.exe
Looks up external IP address via web service 4 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

20 ipapi.co
21 ipapi.co
11 api6.my-ip.io
16 ip6.seeip.org

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	bdsyslog.exe

flow	ioc
20	ipapi.co
21	ipapi.co
11	api6.my-ip.io
16	ip6.seeip.org

Maps connected drives based on registry 3 TTPs 3 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

bdsyslog.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	bdsyslog.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\Count	bdsyslog.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	bdsyslog.exe

Remote Services: SMB/Windows Admin Shares 1 TTPs 1 IoCs
Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
lateral_movement

SMB/Windows Admin Shares
T1021.002

Processes:

bdsyslog.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\LanmanServer\Parameters\NullSessionPipes bdsyslog.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Drops file in Windows directory 1 IoCs

Processes:

bdsyslog.exe

description ioc process

File opened for modification C:\Windows\WindowsUpdate.log bdsyslog.exe
Executes dropped EXE 2 IoCs

Processes:

bdsyslog.exe

pid process

3000 bdsyslog.exe
1180
Loads dropped DLL 3 IoCs

Processes:

BDSysLog_i.exebdsyslog.exe

pid process

2976 BDSysLog_i.exe
3000 bdsyslog.exe
3000 bdsyslog.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\LanmanServer\Parameters\NullSessionPipes	bdsyslog.exe

description	ioc	process
File opened for modification	C:\Windows\WindowsUpdate.log	bdsyslog.exe

pid	process
3000	bdsyslog.exe
1180

pid	process
2976	BDSysLog_i.exe
3000	bdsyslog.exe
3000	bdsyslog.exe

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

Processes:

bdsyslog.exe

description	ioc	process
Key opened	\Registry\Machine\SOFTWARE\Microsoft\Netsh	bdsyslog.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	bdsyslog.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	bdsyslog.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

BDSysLog_i.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language BDSysLog_i.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BDSysLog_i.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

bdsyslog.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	bdsyslog.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	bdsyslog.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	bdsyslog.exe
Key opened	\Registry\Machine\Hardware\DESCRIPTION\System\CentralProcessor\0	bdsyslog.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

bdsyslog.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct	bdsyslog.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardVersion	bdsyslog.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVendor	bdsyslog.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\BIOS	bdsyslog.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	bdsyslog.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	bdsyslog.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	bdsyslog.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	bdsyslog.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate	bdsyslog.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion	bdsyslog.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	bdsyslog.exe
Key opened	\Registry\Machine\Hardware\DESCRIPTION\System\BIOS	bdsyslog.exe

GoLang User-Agent 9 IoCs

Uses default user-agent string defined by GoLang HTTP packages.

Processes:

description	flow	ioc
HTTP User-Agent header	112	Go-http-client/1.1
HTTP User-Agent header	4	Go-http-client/1.1
HTTP User-Agent header	6	Go-http-client/1.1
HTTP User-Agent header	26	Go-http-client/1.1
HTTP User-Agent header	110	Go-http-client/1.1
HTTP User-Agent header	28	Go-http-client/1.1
HTTP User-Agent header	30	Go-http-client/1.1
HTTP User-Agent header	32	Go-http-client/1.1
HTTP User-Agent header	108	Go-http-client/1.1

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

bdsyslog.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	bdsyslog.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	bdsyslog.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	bdsyslog.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	bdsyslog.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

bdsyslog.exe

pid process

3000 bdsyslog.exe
3000 bdsyslog.exe
3000 bdsyslog.exe
Suspicious behavior: LoadsDriver 3 IoCs

Processes:

bdsyslog.exe

pid process

472
3000 bdsyslog.exe
472

pid	process
3000	bdsyslog.exe
3000	bdsyslog.exe
3000	bdsyslog.exe

pid	process
472
3000	bdsyslog.exe
472

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

bdsyslog.exe

description	pid	process
Token: SeRestorePrivilege	3000	bdsyslog.exe
Token: SeBackupPrivilege	3000	bdsyslog.exe
Token: SeLoadDriverPrivilege	3000	bdsyslog.exe
Token: SeDebugPrivilege	3000	bdsyslog.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

BDSysLog_i.exe

description	pid	process	target process
PID 2976 wrote to memory of 3000	2976	BDSysLog_i.exe	bdsyslog.exe
PID 2976 wrote to memory of 3000	2976	BDSysLog_i.exe	bdsyslog.exe
PID 2976 wrote to memory of 3000	2976	BDSysLog_i.exe	bdsyslog.exe
PID 2976 wrote to memory of 3000	2976	BDSysLog_i.exe	bdsyslog.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\BDSysLog_i.exe
"C:\Users\Admin\AppData\Local\Temp\BDSysLog_i.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2976

C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\bdsyslog.exe
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\bdsyslog.exe --output-dir C:\Users\Public\Desktop --temp-dir C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495
2⤵
- Drops file in Drivers directory
- Checks whether UAC is enabled
- Maps connected drives based on registry
- Remote Services: SMB/Windows Admin Shares
- Drops file in Windows directory
- Executes dropped EXE
- Loads dropped DLL
- Event Triggered Execution: Netsh Helper DLL
- Checks processor information in registry
- Enumerates system info in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Remote Services

T1021

SMB/Windows Admin Shares

T1021.002

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\bdsyslog.exe

Filesize
19.8MB

MD5
18afe807e9a8d82454eab46a17d63a0e

SHA1
802d6d5d0f10399e846a4488e79fa0572b090ccd

SHA256
06b47f308812d67bf79188a8a5927e366ccb6004b956ec1d599210b537a2a93b

SHA512
29c26dc9c142db9ac20252c32bb5dbe3a5c60b3139960044446a947826e7034a0ca595e7c4330ac3ff0fc48916dca5c7fb9c5e33203f48957236f2935e01c431

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\bdsyslog_windows.dll

Filesize
6.5MB

MD5
74c4324fb47789353ef86cb2526af2d4

SHA1
799a3cd338d23b0d95cbed5b2ebd3da851e1e1cd

SHA256
42d178d16356935432adcc13b69d36ac07adf857f82a9925dcb679f92cc787c1

SHA512
02dad9cacbaf1252f4188d22b7abf5edb7d87bc80fac47d40b1c2ba6c96bb9223f35f9bf9d954ca677b3bf8aeb86fde22f372c71ee57447ecef9c2b04b1f4489

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\bduefiscanalt.dll

Filesize
545KB

MD5
229b71551db071e1d06a960952414458

SHA1
6c42c3ac3b8e9096ae49af7e9b02dbe5fe3befe4

SHA256
917d323b3829600a165faf5eda2bb2f3c8ef6b08f07d25eb0ab9d0028f62a16a

SHA512
c8637b0d291fb2e09d475b3a05f6a63518a588f8c2ccb1e0de5abeab4d93ef8878ab76d5620def9f6011d52893e6ca19c2dac26b0e7e95e08d81ce511baee84a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\bduefiscanalt.sys

Filesize
39KB

MD5
8e65f4977b3ed4f7f322c63286155dc7

SHA1
7ffbd916e70de261af8f67781b555094003a099c

SHA256
3cadf994974823527d7997d209fa638a5e0c992357adc3b0a2974de76eb78b60

SHA512
68bf35d338cb49f97ce10fbe25ede62ca10290337e1e6a2996379644ef1f8e134eaae9a02731a154083a71dc1bbda0c0436d4a7154850bb16eb60c43ed605dda

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.capstone.txt

Filesize
1KB

MD5
46aad282a6e300251bde9300e4855bc0

SHA1
f51d0306028a34e17219ec146c23990cb559fe8d

SHA256
404bd0cb0137ffb797258f844f53e5273f9b6d5781a1a359a2880411f49a4f30

SHA512
b2a3309ddc578751df78fb187d6afbcce3b51e335454c561f3c34c8d25d326b91aa292c361d871de6a6120b5390cf5095a12c93673a8ba49ee013387e50ddca7

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.cson.txt

Filesize
1KB

MD5
77f90510bf7b2b0a710eb5f6158f9c55

SHA1
b1a7a26bbdf9f9878796eff12d985eb7d94e78d3

SHA256
970f2652f30ab93ea9ad09eef52a2caccb88d1cf71160390950bb1f32817cfef

SHA512
0177638d67ea3f430583607e5614bc6c1d01f4ae729cb5053cd6a631593b4364d43e1e6d320a7e36c3dc3646b7002108c418e05804d318d206d8f9ce1612c1af

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.github_com_akamensky_argparse.txt

Filesize
1KB

MD5
b809f5c11fd6b246d3221f91f80f3c5f

SHA1
f548eb36d6f3b4d116ab2ccf5d4408bb3c2940f8

SHA256
a44a68d10a668a3df47c40945b17c9acbbc301a4edb12a015b781b608b6651f1

SHA512
595fa423152bbd1c70e936fb06f301798a0349162f041aa0717cddc40bd43f3220645c3e647fbd3c8e436c18ad5e92d73a6875f172d52241cf6c63dd7640d6cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.github_com_antonmedv_expr.txt

Filesize
1KB

MD5
3f3980790a5b0e7be4b221938c85587d

SHA1
dc0fde0713b2716c094a12241a0c4011c2c86285

SHA256
79e66c375e97a8a08a9812aa59dbdb01153e653b75976b1c5717c0b5e5f02861

SHA512
4d901217d08639fa3fb4e44bcbbce85212b5a81ab916260a7ccdc1dcb18e04d55fbe48e6b8ef89b617020f3facab3d11e22e82ea9b3cf5774510631de0f3d735

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.github_com_cention-sany_utf7.txt

Filesize
1KB

MD5
7c5a5676c53bb7b20aeb985ffec225d2

SHA1
8239ebddd27f5925ce58cb02194630255504cd75

SHA256
a00be57c836eacabc8e72ff58ad887ee4d5e818b772b1b9074e233b9d1cf0a0f

SHA512
13ff944032e79c2bddf6cba79ad7060c7c66190a8e9087756f8ada5883fbe166b3ddcd10850543dd54a42813b699d6a9608a717f98771bad14f7feef66d423ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.github_com_clbanning_mxj_v2.txt

Filesize
2KB

MD5
103a6c0db53f87cfd99f4436cfc35b29

SHA1
8705ac2a76a14f4efa61a73e5e1b69b60086c035

SHA256
a6efdee605307f7991919817b28a43388161265ad94375dbacf0a33e79de93d4

SHA512
68564c648947cbc6fdbe41862ca04304271efcbf2b65c41f77118cd191606e0d339316ea2bfe4be728af579b4a5be9085d9d2be63aad68ddecb171f36a049a3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.github_com_cloudflare_cfssl.txt

Filesize
1KB

MD5
9bd1e7022303d9bbc29fda142f3e4fd0

SHA1
d575808c843b85ff4cf090ff27f027a51840a385

SHA256
dc439285c60b63ec585769cf151a03345654a78271cdfd56250f59f1175fba88

SHA512
cf23d0ed2638d06909baf61637c9e175ab0c357cab1a623b1cc26e5efbf804394228e8f39f2e71fd6a65143766a4f0ebf96bd211b1b4da20e64ceaabfb320314

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.github_com_davecgh_go-spew_spew.txt

Filesize
766B

MD5
c06795ed54b2a35ebeeb543cd3a73e56

SHA1
d2f340a01dd48b589a70f627cf7058c585a315e4

SHA256
1b93a317849ee09d3d7e4f1d20c2b78ddb230b4becb12d7c224c927b9d470251

SHA512
809584d5c0b1e6b8e06613e264be2b293aaa0c69d7a476bfa6f8ca525ad7e80acf0ef4b703734aaf64181dfba7f9cb2468104b630bcb1b20cd296058f12acae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.github_com_ghostiam_binstruct.txt

Filesize
1KB

MD5
72ad1d75b64a03e031180f6248de0722

SHA1
d3c8c48940ae0e7d1e4a49f092b8f3a11a349ada

SHA256
6d5f044da0147da7d65e2638c9cbd541309d860b55df318afa829a9dccab3f87

SHA512
4e5d83a575b44bdcc78076b3fb51e9379201f246bdb25c7e8bb798964c3c8e671acff92232194d0924b4d9745bab4d6969deee96b26ca20373b348291498ac7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.github_com_google_certificate-transparency-go.txt

Filesize
11KB

MD5
3b83ef96387f14655fc854ddc3c6bd57

SHA1
2b8b815229aa8a61e483fb4ba0588b8b6c491890

SHA256
cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30

SHA512
98f6b79b778f7b0a15415bd750c3a8a097d650511cb4ec8115188e115c47053fe700f578895c097051c9bc3dfb6197c2b13a15de203273e1a3218884f86e90e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.github_com_google_uuid.txt

Filesize
1KB

MD5
88073b6dd8ec00fe09da59e0b6dfded1

SHA1
08021ae73f58f423dd6e7b525e81cf2520f7619e

SHA256
0a8d61ed3cbfd5312326e8126c31ce9c627a283adc99131b56896d29ada04b2d

SHA512
804d2c26af857d3506a29185eb3e367eec60fb66881b946c0847ed8c171072ead4f18744efbbfb99d2c4a5e19551dc2c22af28badd824e3c71eec66a9eac50dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.github_com_hectane_go-acl.txt

Filesize
1KB

MD5
8756710788b01c015748ce43610c9bc9

SHA1
0718575c03bdd2c991837ade51ff3c83e606b024

SHA256
e8f4d38175a71a0bcb92e9af29ba837a5a35682f1d699df8cf02aec435203416

SHA512
60a74740a8ff10891f22c6633740440fe6e3bad49dfc0a449c07f443817e5cafb4184111d117771f3dbd2a790e9aa176c53243c8b25516c0d96170bde5ab923c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.github_com_inconshreveable_mousetrap.txt

Filesize
551B

MD5
b23cff9db13f093a4e6ff77105cbd8eb

SHA1
9174f93c54ad0022bbb9b445480cfb6b4217226a

SHA256
f42d670262f9aed37a33c97d93fa2c1324f439ee03d7690710c5fe002561b0b5

SHA512
15493a5bf8ec59740466af3be0e2417f7bc65e91b7e972ce5e97bbd490e0e66ef8b44e4f9ad1b81ff3f844ab6f1dc2b65edbae2fc493cb3199e3284b0e2eb8bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.github_com_mattn_go-runewidth.txt

Filesize
1KB

MD5
24ce168f90aec2456a73de1839037245

SHA1
5ca808f075931c5322193d4afd5a3370c824f810

SHA256
88a2379b3ca34bf5c57127aff9dcb802bbb60ece0805cdbda65b3bd115f971d9

SHA512
8eb2309d2c713e84f2dda7d1aadf904a0966aae75ab407c40894d5391ebada030970d8bbbd22a591cb4ddfbdd896bd941c461f845ee82d9858ce54cf3d50be4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.github_com_mattn_go-sqlite3.txt

Filesize
1KB

MD5
2b7590a6661bc1940f50329c495898c6

SHA1
0e280ff033260ad31cab00d9e8077dab27bc35af

SHA256
afa48e5e64dc610298d80b010ae7a3450f61a79500a9f1d1697ff6dcbbfa1f72

SHA512
907da96e3528208fb5b44a8effe8de145bd5d57e61a28450f56befd75658a69a6de57989f8b0f93729f1611165aa336b072df754b1f9d94c6ddecb9c52412ec2

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.github_com_olekukonko_tablewriter.txt

Filesize
1KB

MD5
0b3be5790ce7a5a6c959f60a5ce4c138

SHA1
7c15369a8295c6d2cd26b41618f5ba81e7e06eca

SHA256
0583acca2b32a7e4f7bc2d98422b2f55097333273731b3ba2a16d66f9e422744

SHA512
a79a5444e3a4fefbfc4c367330f75b3ece4f0fc1dcbf2a4a1eb56ea540fafd57a08b1276be7404ee7e73664e3772e9b7efa504acc289535f2fee4e822e2b5111

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.github_com_parsiya_golnk.txt

Filesize
11KB

MD5
2b42edef8fa55315f34f2370b4715ca9

SHA1
58853eb8199b5afe72a73a25fd8cf8c94285174b

SHA256
43070e2d4e532684de521b885f385d0841030efa2b1a20bafb76133a5e1379c1

SHA512
42edf58252a01b5858e6cc3c5a1a29bbcdf1295351b6a4383883a189499ec3c1a64cd5f2f6498a9385e85af21732c65afa866a8371afb4bf843f4e8bd38a7a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.github_com_pierrec_lz4.txt

Filesize
1KB

MD5
09ece85f3c312a63b522bfc6ebd44943

SHA1
e46e6a6dce75540a865a761f00e65c78b00c5895

SHA256
6a358d2540ca14048f02d366f23787c0a480157e58f058113f0e27168dd4e447

SHA512
37beb90675735e1d3586928d6db32720758d57c4486983d10e8572f3a825457638722758c18489713b6dd660fe9a8fcb9dc86b223c58a072105878d418cdaa17

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.github_com_pkg_errors.txt

Filesize
1KB

MD5
6fe682a02df52c6653f33bd0f7126b5a

SHA1
9c1bedc0d42f24c24a1bd266f3ce101a4b0579fc

SHA256
8d427fd87bc9579ea368fde3d49f9ca22eac857f91a9dec7e3004bdfab7dee86

SHA512
76bed8bcf00ae10c0611bcc4c3a569b991382ae58d8203fc462d0105064979dba584269e7a7a84b18aca0b6a07ace91c05ecbb42ce64cd3c887f8f498f5d9bac

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.github_com_rivo_uniseg.txt

Filesize
1KB

MD5
4393c339bf180cf6e188b6ea32d8b93c

SHA1
f60d047cd34de4c91b3a045ebf117fe54b3c279e

SHA256
a59885f5f0f3b3c07cf9444db5fe399b6f0791eac82055f7b85cc65500551039

SHA512
bb69d97515125dec51f7fef1a137ce160cffbf41b72472ec8d9ed8f7355a5550cfb950be5226d3858d4e6481ffdafac0a1650ab3546085360adc4d4224dd019f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.github_com_rs_zerolog.txt

Filesize
1KB

MD5
298ce0a5a34ff24389ba1355acd24929

SHA1
12a239ffcacea7fd832aa4e78eed1abe452f7827

SHA256
1b8f6b05dd66f6eec835515706886cb01bf00358cb9312301ed6ad23d6b2d008

SHA512
250f31664127f484e8845b87edbcd29b5624147898bfc8d4a49a2c3ba5627958e61b49ea90718b7198e7dfbc2c1e6996b19107be11c9b12b53451256b6032fe8

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.github_com_spf13_cobra.txt

Filesize
9KB

MD5
920d76114a32b0fb75b3f2718c5a91be

SHA1
c7feacb4667f8c63c89e2eeeb9a913bd3ced8ac2

SHA256
5e3400b93bbb099e83e52bab885e7441750673c21f97988ca3f1240639b63283

SHA512
01040f76c50ee0e1fad04cd695a762950507349486d0d4383c0af00a3b19f27588c217cd47cc09ed858eb3922c3a5a11d7f4c9c87782c78b15a08e8696a83bd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.github_com_spf13_pflag.txt

Filesize
1KB

MD5
1e8b7dc8b906737639131047a590f21d

SHA1
b3c86ae465b21f7323059db335158b48187731c7

SHA256
b8514c577c1c4b46cee454d5a882b15fa411e72c5bd7f801f241591789fce61a

SHA512
fb3f7ddac999e6c32d77393a4267d69bf0c5bca9905bace41f81e8c7fc04121fdac921700a0f913b0807997644f3bce375b08accffb9bba081034caba7dc5ccd

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.github_com_yeka_zip.txt

Filesize
1KB

MD5
2bf3b913a6ef2935d6e189fe04c7c0a7

SHA1
66ecc45fe7de7a9d26ec0e9f8bcd79c4307cf82f

SHA256
0a531075bff0abc78db942ee30ee56a95e8dcac3fdf48f7f32c059878a4a2aad

SHA512
94ffa2805cfb4f1118830ac5ef4c1bfabc4c55c71e3946c98f5ef5bb6ec88a8a40c8573d90b359d60ef26b8e067092399c68595b966b723aa2a05aceed6d1130

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.golang_org_x_crypto.txt

Filesize
1KB

MD5
5d4950ecb7b26d2c5e4e7b4e0dd74707

SHA1
d6a5f1ecaedd723c325a2063375b3517e808a2b5

SHA256
2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067

SHA512
5bbb2d94184f661d95ac3db758b72a9ce25d409b1179264634bf0612f797424b15a3f6e02069442a75561ca5054e4c4111b158b8dce4d545a7348f6392506a35

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.gopkg_in_ini_v1.txt

Filesize
10KB

MD5
4e2a8d8f9935d6a766a5879a77ddc24d

SHA1
e4ef54f2c30670f950d5e196afa09c88d8ef0c8a

SHA256
f6918bd93ffe07f4b2c61b8287c32cb3122e08aed0be50f1c7d0eddc87877a8f

SHA512
124954cdbb8aa29c3c3660e77cefa8b4e8fae90ceb3e9b97cf07b4c47f634af01be774667d00b09408d97e161b8dd9030968e6165044657da74cf44765225608

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\licenses\license.jsonparser.txt

Filesize
1KB

MD5
929957adf59ac5fb3003c1e62c956ca2

SHA1
9cc620dc83a5a97c71687f3c311872a49b4025a5

SHA256
8bfa889307918e6a53975bbdbea1b09b27962befec02fe1b1d7e60562221bc18

SHA512
148e145bdd0a7dc96901af57b7a0ed199b4b0b81a4734a6758ee0cdbd0f50ef2678da039ad540ace153ff18277dc3b1be52f58ab93bbc0541a1b73e8970f83de

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\temp_685982071\wmi_script_293659242

Filesize
19B

MD5
600200b6de7a5d05cf7144b14473a585

SHA1
1cc4d6c89d8cef71cb2808b89792a8cae26e48ad

SHA256
fb331e5d434b9e2f0a8cbe37e79a01a809027905bc20a0a67dd06e129f06ad8b

SHA512
e9cdb4be403b7d0dcb0bdb65e0d8a59bb5763da0efd40c4fcceea362ce602581805968a7e43a05335b4547554194a4ef7b39fc2ca7fd30b76564c90eeae5f986

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\trufosalt.dll

Filesize
651KB

MD5
7e2ab1d526a9b42b234d748b5be60f4b

SHA1
e67a244b5a50c731524c13f7f56fe11410ded749

SHA256
fbcd04642f8c4dafed4ac1f5699eeccb803a96d7b4e68a272f0729b2a31a6492

SHA512
e7bd785c1de3cabd6d36061a8b8f439f6d0541f6cdb081dc10988b3c33f9fe3c08f4dc5824ea69ec13bcee5cce8759a889aabd25f7d5c952b5ae45c9a94156e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\trufosalt.inf

Filesize
3KB

MD5
39a5bacf35c77490fc4d66ea920a5c4c

SHA1
5e07fb2930e181a767f8573718419c73f3d8e21e

SHA256
c1008e38485b3c759deb994c54abc1615daaf1e23f5bb220cf4350af89080c79

SHA512
4ceaeeb9bde0ed5f5378cf61b195ebce82e51d520df5ebe98b17323a29b22db977c79205f87108d9a080f012d3da34f9c49cd14623ce78ec21c5377bfa2a661c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdsyslog_562338495\trufosalt.sys

Filesize
618KB

MD5
28f9730b69bdd85d5965e30182cb78a4

SHA1
65e0f3f6c2ce739dffe33978d166405befb284cd

SHA256
156fde211e87d92f3ab7ab6297e0ff78aa257b2e7b02a7ce60a2c82e04088f17

SHA512
561f86d1aae321b6e5ff9e009cff027ae6ad0ca34e3dc4c2a88e05ef03c44ef20f039d31c97bd7b688fe0fb4e53a652f9bf3629ec5d8d8eaa0a53c134f80116b

Download Submit
memory/3000-274-0x0000000000400000-0x000000000180F000-memory.dmp

Filesize
20.1MB

Download
memory/3000-284-0x0000000000400000-0x000000000180F000-memory.dmp

Filesize
20.1MB

Download
memory/3000-256-0x0000000000400000-0x000000000180F000-memory.dmp

Filesize
20.1MB

Download
memory/3000-275-0x0000000000400000-0x000000000180F000-memory.dmp

Filesize
20.1MB

Download
memory/3000-278-0x0000000000400000-0x000000000180F000-memory.dmp

Filesize
20.1MB

Download
memory/3000-279-0x0000000000400000-0x000000000180F000-memory.dmp

Filesize
20.1MB

Download
memory/3000-280-0x0000000000400000-0x000000000180F000-memory.dmp

Filesize
20.1MB

Download
memory/3000-282-0x0000000000400000-0x000000000180F000-memory.dmp

Filesize
20.1MB

Download
memory/3000-283-0x0000000000400000-0x000000000180F000-memory.dmp

Filesize
20.1MB

Download
memory/3000-273-0x0000000000400000-0x000000000180F000-memory.dmp

Filesize
20.1MB

Download
memory/3000-285-0x0000000000400000-0x000000000180F000-memory.dmp

Filesize
20.1MB

Download
memory/3000-286-0x0000000000400000-0x000000000180F000-memory.dmp

Filesize
20.1MB

Download
memory/3000-287-0x0000000000400000-0x000000000180F000-memory.dmp

Filesize
20.1MB

Download
memory/3000-288-0x0000000000400000-0x000000000180F000-memory.dmp

Filesize
20.1MB

Download
memory/3000-289-0x0000000000400000-0x000000000180F000-memory.dmp

Filesize
20.1MB

Download
memory/3000-290-0x0000000000400000-0x000000000180F000-memory.dmp

Filesize
20.1MB

Download
memory/3000-291-0x0000000000400000-0x000000000180F000-memory.dmp

Filesize
20.1MB

Download
memory/3000-292-0x0000000000400000-0x000000000180F000-memory.dmp

Filesize
20.1MB

Download
memory/3000-242-0x0000000000400000-0x000000000180F000-memory.dmp

Filesize
20.1MB

Download