Overview

overview

10

Static

static

3

852d4f447f...18.exe

windows7-x64

10

852d4f447f...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    02-11-2024 11:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    852d4f447f4aac4f61063ef5849e68b8_JaffaCakes118.exe

  • Size

    6.3MB

  • MD5

    852d4f447f4aac4f61063ef5849e68b8

  • SHA1

    8529bba312dd85254ac2240e1f57d98c0fed1766

  • SHA256

    9ef8406742a277c694c6e454c16c95528377f0ba8cb56f37a7dfdd53d803c6ec

  • SHA512

    19586186fa50405d2b972bd25344833db52076451e68dac985156e8bc96beea6469e9f1fae1cc7afd3f8eeef3b4d24d2b844af93888df56b927b7a266e794c59

  • SSDEEP

    98304:qOKFSYln3X0qnvbXEsBc4i3dxgkVRdgjh5Fn4zj0IBTGFJZkdk3AgWcxHE9hDgPf:ynBDEsBqtxgkVRdETnooFOk3bW2k9E

Score
10/10
ardamaxdefense_evasiondiscoverykeyloggerpersistencestealer

Malware Config

Signatures

  • Ardamax

    A keylogger first seen in 2013.

    keyloggerstealerardamax
  • Ardamax family
    ardamax
  • Ardamax main executable 1 IoCs
  • Drops file in Drivers directory 3 IoCs
  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 38 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Blocklisted process makes network request 5 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Drops file in System32 directory 40 IoCs
  • Drops file in Program Files directory 30 IoCs
  • Drops file in Windows directory 31 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 33 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 62 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\852d4f447f4aac4f61063ef5849e68b8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\852d4f447f4aac4f61063ef5849e68b8_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Windows\SysWOW64\VBCQJU\FNO.exe
      "C:\Windows\system32\VBCQJU\FNO.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2124
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\VBCQJU\FNO.exe > nul
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2668
    • C:\Users\Admin\AppData\Local\Temp\MorphVOXPro4_Install-1.exe
      "C:\Users\Admin\AppData\Local\Temp\MorphVOXPro4_Install-1.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2200
      • C:\Users\Admin\AppData\Local\Temp\luiE669.tmp\setup.exe
        "C:\Users\Admin\AppData\Local\Temp\luiE669.tmp\setup.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2668
        • C:\Users\Admin\AppData\Local\Temp\VSDE7DF.tmp\DotNetFX\dotnetchk.exe
          "C:\Users\Admin\AppData\Local\Temp\VSDE7DF.tmp\DotNetFX\dotnetchk.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:2656
        • C:\Windows\SysWOW64\msiexec.exe
          "C:\Windows\SysWOW64\msiexec.exe" -I "C:\Users\Admin\AppData\Local\Temp\luiE669.tmp\MorphVOXPro.msi"
          4⤵
          • Loads dropped DLL
          • Blocklisted process makes network request
          • Enumerates connected drives
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          PID:2360
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1344
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding E9D7C029AD1C335274F1B254055CC185 C
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:1612
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 2ED0C138E1C0848171A7DE0E1289A85E
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:316
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 6BDDE368D9E48E17CB0BC991D0BBD0B1 M Global\MSI0000
      2⤵
      • Loads dropped DLL
      • Blocklisted process makes network request
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      • Suspicious use of WriteProcessMemory
      PID:2636
      • C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\SBAudioInstallx64.exe
        "C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\SBAudioInstallx64.exe" i "C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\SBAudio-x64.inf" "*ScreamingBAudio"
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Modifies data under HKEY_USERS
        PID:2456
      • C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphVOXPro.exe
        "C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphVOXPro.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:752
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
      PID:2092
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000003B8" "0000000000000598"
      1⤵
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      PID:684
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{4e00f37b-14c5-3be6-9a08-90797aa3a527}\sbaudio-x64.inf" "9" "6892a7cef" "00000000000003F4" "WinSta0\Default" "0000000000000598" "208" "c:\program files (x86)\screaming bee\morphvox pro"
      1⤵
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      PID:1616
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem2.inf" "sbaudio-x64.inf:SBAudio.NTAMD64:SBEE_Audio:2.0.3.0:screamingb\audio&ver2:*screamingbaudio" "6892a7cef" "00000000000003F4" "00000000000005E0" "00000000000005F8"
      1⤵
      • Drops file in Drivers directory
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      PID:684

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Config.Msi\f777d1e.rbs
      Filesize

      15KB

      MD5

      7837b58f8e22bfd1b6f83a85e90b4618

      SHA1

      9e85afe6b32c60c35786cac56f5bb340156131d8

      SHA256

      e3be7f86405a582b9e6bfbb552c2acb91713d615f7278f43c90d34d172e96a6f

      SHA512

      adb87fb621e6756c9ee8c7fb5d155862220c51cb2520350c24ad885f6c5844d0b549602b095b9d39590e80c4ce3089cd9291aeb7fd512da6c99ff7c88fc6d808

      Download Submit

    • C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\Interop.IWshRuntimeLibrary.dll
      Filesize

      53KB

      MD5

      94890b280164e74bacac5f0cca722957

      SHA1

      6f3821343e06174a5ca1ad1ca87007d04582c0ba

      SHA256

      61bc5b6cb3f3653cf36790cdb1caa6112716ce8062f595cfc4ced655c0ac5e75

      SHA512

      8231e18b065507a330856bc4ee9646bc927803c585ce552f71ef2394131e119062cdbc91427527b5a5e92cd9fd400beb30c5c7cb9e88cdd7b50d2d3664413c8a

      Download Submit

    • C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphDriverInstallClass.dll
      Filesize

      14KB

      MD5

      81e8fc57bda495ce4cbf7347ce8b6431

      SHA1

      83b1b3c86a3064c1c70b39f102231f61398fb784

      SHA256

      e042103c1bce5ce0a1af8308a17ae79ef3c415dffca4980f61b914cda71161bb

      SHA512

      9adc66acc19bf9936c7543d1a0baf7524fcc9d4b65220b848a4a7009bf25aaa1eb62a28f750f6cc3720e7669edafba309415a9e8ab232afb6aacb43f4076df36

      Download Submit

    • C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphDriverInstallHelper.dll
      Filesize

      70KB

      MD5

      f3f8bf4e2ed2b7363dcf9c45d748d328

      SHA1

      2dc013bf257b10eb7bb3538cc2c11b87276ce561

      SHA256

      fb5ea5469d1e61fa199dad6bfa30e17b26f8fc29df6e65c03532017700990bac

      SHA512

      843b09bcebe03b7971fe1f9ec2cfaadc198d7a9996db05ee0b787ea49630d37c9fb57fb335ed3d79cf0950f279aa3a06ff213c9988b39a12722f5929b7305884

      Download Submit

    • C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphVOXPro.exe
      Filesize

      5.4MB

      MD5

      3eddcfa9d7d3496b9bd3cc5876eed4a5

      SHA1

      f6d95a0876293947b86941ebc8ccab5b841b027b

      SHA256

      29e368872a7a6e2235ff97450d3b6231c3c363f8025ff753b570a969791e21ff

      SHA512

      e79fe726fac1593019b7bb49ff2941e461b953274ac5d59a97fa39c0a30a17d328c3948a1848917a99cae8b9d12299e172129d5e9ab90bdc4c9a39493fa18535

      Download Submit

    • C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\SBAudio-x64.inf
      Filesize

      3KB

      MD5

      24b34f2a52988e4e4a60120647353cfa

      SHA1

      3fb81ff5aacaf1fc6ffa970aca5fe26dc4828603

      SHA256

      8fa1f1f58bccbed09bbd41f354bd3981731a8e4a749dd0c9b81537cea87af9a8

      SHA512

      901b9258c1aeb22cf4bba823f47190775cb97cf5a79c47306a364f13de167de606472ce4127a168603f948ab97c51bda014ee1c3acb75d24ac21b4c6329c57dc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4DD39726D4B55AC3B4119B35A893323C_B3A886FA3C8164A3F02FCB44EE73FFCA
      Filesize

      5B

      MD5

      5bfa51f3a417b98e7443eca90fc94703

      SHA1

      8c015d80b8a23f780bdd215dc842b0f5551f63bd

      SHA256

      bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

      SHA512

      4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4DD39726D4B55AC3B4119B35A893323C_B3A886FA3C8164A3F02FCB44EE73FFCA
      Filesize

      404B

      MD5

      664b2327b5e2ad29e6ef3a69f3b869c5

      SHA1

      3306f23b86c2a8f5feb3435799bd122c1dc9813a

      SHA256

      3444c333da2831b92fa69d74aaaefb15ceeb895a51e053d67aa093e76ec7e5e7

      SHA512

      1425a5a97241654da79f4d94644a94f6cad9e9ea31114d0a01bd1971b6fc1fef22f2f44c31124b76cdf83bb5cea7c8af46c948bf3a89de75ef8454ec2a9abdbf

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CFG8FE1.tmp
      Filesize

      123B

      MD5

      17af548f88a3199aa8a63a72201f470f

      SHA1

      4e64bb20a2f54d778ed684aa21abebad63a5c2c0

      SHA256

      a558dbe555749cd3bdd62060fdbba72720c4f4a186d5870b977ed2acf9721d9e

      SHA512

      08bdbc75f5fd4d9ec85c53253e4030ce7245b20ecc95e032835609c7c43a07d6c9e7776f48c5494a788a543240c0649a9f1a34a0e514ebc4dda5730953647338

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab8A26.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSIEB4B.tmp
      Filesize

      222KB

      MD5

      fb4ed24de182178cac3cd3870a4ba5b6

      SHA1

      38b168fbe97b72a5de5eaef16535ea1aed964e1b

      SHA256

      5070b4cdf7e2f95535f3340a3a0d9bce496478d0bd445b470dd67278a910c578

      SHA512

      03ffa685a28333cc7d8eb4a0fdd8c5dce85ca1126bcdefebda83a91586b98ae559d56074b943a6df0ec011eaa58b6841026ffb8b42e08b74351b0118011d3c9a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MorphVOXPro4_Install-1.exe
      Filesize

      5.0MB

      MD5

      15b3a804efbf15a9aea2bc0be1de70d6

      SHA1

      b2209f7fa7940df3785701b10fb3a37efe114a3e

      SHA256

      2811da99c134a951686c8420869368b6d2413faebd445e33bb754b2ec3d3e349

      SHA512

      bb74e835ac5ca2933548e648654eb0a88c63eb364e554825715e57450a8b722543084a202a21337d52493ab58717f51c2a70c97e5b303a44e914dc7c5d8d0d80

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\luiE669.tmp\MorphVOXPro.msi
      Filesize

      5.1MB

      MD5

      b53e5e973c4eafe272f2a4bf53a0343b

      SHA1

      2fc88d6519789af0e7a75ba7b394bc26349cef55

      SHA256

      c0ca185450341bc714859cf24a85a9e6a2d31650427ab8101026a91ff455a6cf

      SHA512

      098044422bfd064ee96761e458e675a2454d41ae07bc55d294ece79e72b64c5199260ec98ff76f8c8827d3ad2a6483ac807267414f1dd52e845a62997a82c010

      Download Submit

    • C:\Windows\Installer\MSI9266.tmp
      Filesize

      60KB

      MD5

      46b24723e5126a6f7a3a7d6facee18a7

      SHA1

      1cbcaa27406d66115814231977b970a805726a2c

      SHA256

      d14b73d7a21be2a97dcea3e6a997fc846406bf2c699370acd769aa7f097aaec2

      SHA512

      f3ad9a1ae3f55058bfc256441d62b4110b38e1f2b3328e09ad47805f1c312cdf67b313e5f5a67d19fa128e0082d08dd79f1fff6ea3fc49bf544b733a827b626d

      Download Submit

    • C:\Windows\Installer\{588A57A4-4E74-427D-8D0C-AA18EBE439F7}\_782962480EF130D54240D3.exe
      Filesize

      102KB

      MD5

      b011a4a55df9c8d2f8113445c059ee0e

      SHA1

      e6e733724a3c3c45093feaaa9d0578a41b0b0d2b

      SHA256

      b0f73ec2b4eedc632cb1a314edcd855bf0ba50cdedae138746a606934a20eb0f

      SHA512

      df1dfb1edcc0f95ea819cc6dfe0da47e2294f249ad5a1a9cc7fc4520e35a6abf92b3b41681c44267373839fe2e36cbcd98474ec4b6cdaa31040f455ea3d0eadc

      Download Submit

    • C:\Windows\SysWOW64\VBCQJU\AKV.exe
      Filesize

      485KB

      MD5

      b905540561802896d1609a5709c38795

      SHA1

      a265f7c1d428ccece168d36ae1a5f50abfb69e37

      SHA256

      ce666ce776c30251bb1b465d47826c23efaa86ec5ee50b2a4d23a4ceb343ed53

      SHA512

      7663654f134f47a8092bae1f3f9d46732d2541ab955e7604d43a0def1e61e2bc039a6753e94d99f1d04b69f55a86f1fb937513671019f1bdf100edb97b24badc

      Download Submit

    • C:\Windows\SysWOW64\VBCQJU\FNO.001
      Filesize

      61KB

      MD5

      43a9733e89a458d638ffb6a2a475d557

      SHA1

      f19a7513a53208e6b9295acff974181b593675a4

      SHA256

      8d093cbce69e6d77abec376639a2814653873db3d49d270effc5536de51a5930

      SHA512

      5e5fa1e02deba80eb8098e6e2ed89ac29a7c5204a713ed6725a0ca070c5da19670171ba1e1fbe38aab5cc5f15061ca8c1a66060fdd633a3270d1609135d4052e

      Download Submit

    • C:\Windows\SysWOW64\VBCQJU\FNO.002
      Filesize

      43KB

      MD5

      f195701cf2c54d6ceadad943cf5135b8

      SHA1

      9beb03fc097fc58d7375b0511b87ced98a423a08

      SHA256

      177c1dcc7f13158445f0b99713e9cad205da86e764940a48d43dc375565b0dec

      SHA512

      f78def1ab431bb2b7b647ec76c063c30a87cabd22605f94cbe4fbb6f757fd54ddf7861d3842a0e369abfce94b68d41dec0fe2322a74f67d9875f561f92b20025

      Download Submit

    • C:\Windows\SysWOW64\VBCQJU\FNO.004
      Filesize

      1KB

      MD5

      a66cd6f8075ca7e165aa66d6a2cb6dc2

      SHA1

      d20e7735ee697e4c9a6e5babfbb7ea03a2b9c1fc

      SHA256

      b6db1985cfc190a3e8c9dbd67e83174000d396f5617a2204055a9d653b673dd4

      SHA512

      9b992c3cd4cace9cde7c036c040e3e97771cc6deb5a00dc7816e5f76039b257c2225166f5e634556d0d0a7b0749f98e8c0de46f15342aa82b7b3cad91efcc3e4

      Download Submit

    • C:\Windows\SysWOW64\VBCQJU\Nov_02_2024__11_20_15.008
      Filesize

      1KB

      MD5

      0b55ce0261890e8167f42cbd950aa54c

      SHA1

      d8eb47b7d011c6ba874101eec3e6df6e035d3739

      SHA256

      b19983594b03ec727d7f0c1ce04a98899b229a1296292434d0ca9ff1eb198b4c

      SHA512

      2898590decb1abd24dae99ea8b5e4c9afabe7e81bea5ae18c30b636aeec15b29a08dd79870765fba6e5848f07c2c0bf6c900d0e6f40d1e3ade4bf6eedc414af4

      Download Submit

    • \??\c:\PROGRA~2\SCREAM~1\MORPHV~1\ScreamingBAudio64.sys
      Filesize

      38KB

      MD5

      8b56bdce6a303dde63d63440d1cf9ad1

      SHA1

      c51b124eea04b6388b313bd3494891cff5b394cf

      SHA256

      66a4356c29d00a1b8a95975c073ae4e6d2a90cbf3b143fe9b83b96bec0805d46

      SHA512

      e02d9b221e3d94325b540eea2c0d35d089150f406e0ba35e37234644c1359880572abb7cfce61da64582129e7214a55f48a85bcc1352366b1844e497e22b2108

      Download Submit

    • \??\c:\program files (x86)\screaming bee\morphvox pro\SBAudio-x64.cat
      Filesize

      7KB

      MD5

      54edf263c49e02cd6b6794d7a8d312be

      SHA1

      30ccf63aa2b614263a4c38f9bfdba812d6d85996

      SHA256

      c9c37745986d6e1505ad6647aa4cfd0c2b258d54a6d402f2b9983f228c604c9d

      SHA512

      3eef4442a5b7e037eab909687158b75cee546a901748eede414cf1ea155bce7f3276a744d0d2c085e9d2b28978dab3c427587b80de96185ba0fe9d9696c0e5b9

      Download Submit

    • \Program Files (x86)\Screaming Bee\MorphVOX Pro\SBAudioInstallx64.exe
      Filesize

      55KB

      MD5

      f6fe452fca855571d55c0540c2210cc7

      SHA1

      e9ceef78724e91c764324268e0f41beab18a39d6

      SHA256

      2f02a87aec74ffbe2d77132a2ece3fc6b47c604f694cfc2fd18d127790b6e874

      SHA512

      9b6ffe1ec72c6313ce410bf795b029da408839338d8f5a8d0124f5ed816cd5a36a877bca1eed10a148f3e11813b6eb14448ff815a3a12b9a387e092915dc8ec7

      Download Submit

    • \Users\Admin\AppData\Local\Temp\VSDE7DF.tmp\DotNetFX\dotnetchk.exe
      Filesize

      86KB

      MD5

      289df668f70cd5cdfe36fea4b491fa28

      SHA1

      6d78099c40542b11771389fa38938724905167f2

      SHA256

      2e643745991bac3e5ec460b0bbbe2002f433c77a82514122b31708302ecc9306

      SHA512

      b7d115d34f9e4ad73f89c04221855b3f3c6dac4b009c7d5b268cfcf651ea4cbd9588ab7a690392b1d1a4afae3b47d3d20bf1ff4f98a2bbfefed1c4cef7d04499

      Download Submit

    • \Users\Admin\AppData\Local\Temp\luiE669.tmp\setup.exe
      Filesize

      476KB

      MD5

      3481b4721a4d1a5797685619f3ba2b80

      SHA1

      8aa8e3fb49f7e73012f9e12f80b95f3ac72f3728

      SHA256

      38dbabae225d93cebde5087128a7376be4a0528dc8e60b22081fba71c9f18b92

      SHA512

      a95b4b4e9068f69d489291a302b7ab8fa255de646400a3ca315decbf5f89446bbba1e906b2d8493ebc474e7d06b869af363ba6ffa624218322e9ca30b775f998

      Download Submit

    • \Windows\SysWOW64\VBCQJU\FNO.exe
      Filesize

      1.7MB

      MD5

      d95623e481661c678a0546e02f10f24c

      SHA1

      b6949e68a19b270873764585eb1e82448d1e0717

      SHA256

      cecfadce6fb09b3977c20d15fb40f8f66a1d7e488a4794451d048a598c3417da

      SHA512

      dee02644d92ed30e88bb10e9dcdba97abd9949b230059ec20cf5d93061f9cdb77b1e793e5f69d0b51595c30077c3ddd093348d22b070ce898ccefe28b8062591

      Download Submit

    • memory/752-333-0x000000000A790000-0x000000000A8C3000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/752-336-0x000000000AC90000-0x000000000B1E4000-memory.dmp

      Filesize

      5.3MB

      Download

    • memory/2124-21-0x0000000000270000-0x0000000000271000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2124-105-0x0000000000270000-0x0000000000271000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2636-305-0x0000000002770000-0x0000000002785000-memory.dmp

      Filesize

      84KB

      Download