babadeda | 1cf25999202dc9426ae5f2e7f77e67dfac062bb1a8a99dd9959b6451f3f499a0

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2024 21:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PlexDlnaServer.exe
Size

122.5MB
MD5

c893af41e33ca5da0a8acf8ac623c2ae
SHA1

65412f1aa3839e41a00adc2ebc7162880c258be7
SHA256

42ccd61f1357d37d8c439082e195eed6eb0d3a6b060852ce57161b469919f778
SHA512

20474b4ab6e85a7b33d544a5f8cdb5d6b03b86ee67b07a54a17ee6358d51abdcd0711a78999fceb83f971590707c62941f0d2c5d18abc1c091694ea29ceb517f
SSDEEP

3145728:zvTXJ9SA7SJ4rS5rCf5PSiDLJHYbxYUBQDLfy/LEXwzce:zTJsrc56YLJHYVlBQHKN4

Score

10^/10

babadeda crypter discovery loader

Malware Config

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 1 IoCs

resource	yara_rule
behavioral2/files/0x0009000000023bb1-213.dat	family_babadeda

Babadeda family
babadeda

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	PlexDlnaServer.exe

Executes dropped EXE 1 IoCs

pid	Process
2128	iisexpress.exe

Loads dropped DLL 64 IoCs

pid	Process
2036	MsiExec.exe
2036	MsiExec.exe
2036	MsiExec.exe
2036	MsiExec.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe
2128	iisexpress.exe

Blocklisted process makes network request 1 IoCs

flow	pid	Process
14	4756	msiexec.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe

Drops file in Windows directory 11 IoCs

description	ioc	Process
File created	C:\Windows\Installer\e5788a8.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5788a8.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8CEF.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8F53.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8C90.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8D2E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8D4F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{C5C70855-D3F8-46FD-8572-5142D5091E6F}	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PlexDlnaServer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msiexec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iisexpress.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	PlexDlnaServer.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4756	msiexec.exe
4756	msiexec.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4936	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4936	msiexec.exe
Token: SeSecurityPrivilege	4756	msiexec.exe
Token: SeCreateTokenPrivilege	4936	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4936	msiexec.exe
Token: SeLockMemoryPrivilege	4936	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4936	msiexec.exe
Token: SeMachineAccountPrivilege	4936	msiexec.exe
Token: SeTcbPrivilege	4936	msiexec.exe
Token: SeSecurityPrivilege	4936	msiexec.exe
Token: SeTakeOwnershipPrivilege	4936	msiexec.exe
Token: SeLoadDriverPrivilege	4936	msiexec.exe
Token: SeSystemProfilePrivilege	4936	msiexec.exe
Token: SeSystemtimePrivilege	4936	msiexec.exe
Token: SeProfSingleProcessPrivilege	4936	msiexec.exe
Token: SeIncBasePriorityPrivilege	4936	msiexec.exe
Token: SeCreatePagefilePrivilege	4936	msiexec.exe
Token: SeCreatePermanentPrivilege	4936	msiexec.exe
Token: SeBackupPrivilege	4936	msiexec.exe
Token: SeRestorePrivilege	4936	msiexec.exe
Token: SeShutdownPrivilege	4936	msiexec.exe
Token: SeDebugPrivilege	4936	msiexec.exe
Token: SeAuditPrivilege	4936	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4936	msiexec.exe
Token: SeChangeNotifyPrivilege	4936	msiexec.exe
Token: SeRemoteShutdownPrivilege	4936	msiexec.exe
Token: SeUndockPrivilege	4936	msiexec.exe
Token: SeSyncAgentPrivilege	4936	msiexec.exe
Token: SeEnableDelegationPrivilege	4936	msiexec.exe
Token: SeManageVolumePrivilege	4936	msiexec.exe
Token: SeImpersonatePrivilege	4936	msiexec.exe
Token: SeCreateGlobalPrivilege	4936	msiexec.exe
Token: SeRestorePrivilege	4756	msiexec.exe
Token: SeTakeOwnershipPrivilege	4756	msiexec.exe
Token: SeRestorePrivilege	4756	msiexec.exe
Token: SeTakeOwnershipPrivilege	4756	msiexec.exe
Token: SeRestorePrivilege	4756	msiexec.exe
Token: SeTakeOwnershipPrivilege	4756	msiexec.exe
Token: SeRestorePrivilege	4756	msiexec.exe
Token: SeTakeOwnershipPrivilege	4756	msiexec.exe
Token: SeRestorePrivilege	4756	msiexec.exe
Token: SeTakeOwnershipPrivilege	4756	msiexec.exe
Token: SeRestorePrivilege	4756	msiexec.exe
Token: SeTakeOwnershipPrivilege	4756	msiexec.exe
Token: SeRestorePrivilege	4756	msiexec.exe
Token: SeTakeOwnershipPrivilege	4756	msiexec.exe
Token: SeRestorePrivilege	4756	msiexec.exe
Token: SeTakeOwnershipPrivilege	4756	msiexec.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 4884 wrote to memory of 4936	4884	PlexDlnaServer.exe	82
PID 4884 wrote to memory of 4936	4884	PlexDlnaServer.exe	82
PID 4884 wrote to memory of 4936	4884	PlexDlnaServer.exe	82
PID 4756 wrote to memory of 2036	4756	msiexec.exe	88
PID 4756 wrote to memory of 2036	4756	msiexec.exe	88
PID 4756 wrote to memory of 2036	4756	msiexec.exe	88
PID 4756 wrote to memory of 2128	4756	msiexec.exe	89
PID 4756 wrote to memory of 2128	4756	msiexec.exe	89
PID 4756 wrote to memory of 2128	4756	msiexec.exe	89
PID 4756 wrote to memory of 2128	4756	msiexec.exe	89
PID 4756 wrote to memory of 2128	4756	msiexec.exe	89

C:\Users\Admin\AppData\Local\Temp\PlexDlnaServer.exe
"C:\Users\Admin\AppData\Local\Temp\PlexDlnaServer.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4884
- C:\Windows\SysWOW64\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\setup.msi" /q
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:4936

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4756
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 9F0B19F5D935BF261B1D4515163CA507
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2036
- C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\iisexpress.exe
  "C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\iisexpress.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5788ab.rbs

Filesize
25KB

MD5
e87ab82f3089360ef1d0a335a816f996

SHA1
0ae8d1ef3e998ff9e0fe184f3fba77d4a848d2b3

SHA256
2cd9fe09cf56e5c00c0ee1a74b705b2443d52c4ea4fb0017764da00f6aeae889

SHA512
de3f06c05d8f8b29866813bc4e66adb6452a3fa712093d8534cefca0cf7abd5165cf3a2ff327c26d1c87aa1d49f850425dfbe307364b04271e3a50f47c24a680

Download Submit
C:\Users\Admin\AppData\Local\Temp\setup.msi

Filesize
33.6MB

MD5
c309f730b9c01bce5a46404bc077e9f0

SHA1
3f9ebe4124c0e44f01222dce5407ed1796c4043b

SHA256
bf1931469dccc1bd2b5922cfd905f638cf7f09f916afee17faa9594224f1726e

SHA512
32722a7e8cdbcd7d5352f972611fa47ed741b87e37598bdd976b4986c0408b8b098e280968c2dc042ae7d4048a7d416df06ea4b040778bd69d233edfad15a457

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\IISEXPRESSHELPER.dll

Filesize
38KB

MD5
c4f7aa38f9fdb738a30dba519392f09f

SHA1
84cc1721eb8cc790f45faa376ecf6558b6d6538e

SHA256
060f4096e0a778036db951416632791cacfdbda8d4abc1b43631a302281e945c

SHA512
f390423dc6c711cec79054e93979fdb86d9f03d5f2267c295e8cf2b1a22fa716df45ff1df4accd42d224976fc7081dd598e8839571a9a0485c3eaab72796a9ac

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\IISRES.DLL

Filesize
232KB

MD5
2af68f7d45de7d3ef9eb7c6f873ca939

SHA1
e8d6b673806a59dd678496bbbad332986298f492

SHA256
77f340f011dcaf14da41ad033da7a969d7c6a7e18fc920e7244bc2f033e62041

SHA512
6c11359f176fcdedb5082a15db4f68f2dfebb8cd60f7802d4933b1a1da5621b7ce09107a283742d1446308b574ec47e27e062aaae0e34d986fe1a963176471de

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\IISUTIL2.dll

Filesize
238KB

MD5
2cd48092dfafe0accb346c1876b04e7d

SHA1
1b1988bd8cb9f5ceb90ebab9e1dc3d2f73cd14d3

SHA256
10239bb5d977fa78506ae172a67c558df3f8add8455662ea1db7b8115fe3e1e2

SHA512
2d333c6b51593c50ea0f8a5539cbf1f1a80d8910648b283584f9ec2b0205b493c47c83671b5082bf5b22ebdf69302818a94f68b40856712fcee07c6f600767c0

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\W3TP.dll

Filesize
27KB

MD5
4c851b983f7b54c61d8fdaa5901339cc

SHA1
7e65d6567f99031e14178781b5beefa31df897a5

SHA256
7ae2c953fa35f79577d0ba73cd4866cc0323444c7fc31286aa04892074436ab0

SHA512
3aedba354ec995e831298c62d3e146cac1b11467d363ff9086dbff37e13be22a590804078c2d24cb4680ed4bcb5402e41c1bfd8de450f3eb69bcabbdf7cecefb

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\cachtokn.dll

Filesize
19KB

MD5
519b5ab43821f221e651fe7e9fa8fe6c

SHA1
3fc046238f6473461549457c4920977cd366a793

SHA256
876b50cb5a4d9c5b914acc9ea9e02eb7220b93f5b5c04b2798d39e98833542cd

SHA512
26a2d0a6b4efc5d9ae783730f71b39d62288867d4271d54cc82a94e79ffd2c43a5a950691554fad6d12914b42584968ea2deb07d0531d1b2927128c011bc0875

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\cachuri.dll

Filesize
19KB

MD5
34a1b931268f65aeb10dc772d9985b5d

SHA1
d1c479ae36a5620d9e8169f35cdd3a87a0acbefb

SHA256
c079c721e764befb69ed13c854c763c88cc0c6c0c2b8bc579362540d76610ff3

SHA512
60a97ee1816fcc6b566796157ca0616d90c3a78a8c58fc64b3b9a3d703ce5bb9db2656f119f83fa7d1bbd6f20fe38ad5c8a130af34a9fdb644acae37c234ffdc

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\cm

Filesize
1.0MB

MD5
7be989719e50fad1547705d953f2c8ea

SHA1
3ff15099ca8bb2c7380def1f2dc83d7ffe98d903

SHA256
a530fdb814d03d05b85c82406e9cd2b61d44268526c85be1c84d2254e24b8990

SHA512
a78e881286f4cbc356656a9073141780dcaccc347a4c9218abdd45e72b5fcdf4d5cc100d0fb11c9e0091f328d64ecf0e858d890861526a4a6efa77b4ab935864

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\compdyn.dll

Filesize
39KB

MD5
d094bb39252502a86489342288e26fc0

SHA1
6b1c1fe1d8e34653401552838504fb53258ae746

SHA256
cf6010bc3d11897fb9fa05ca25440985c1a405ea1664e22eb763eb54c5ae6335

SHA512
993fb4798853d67def056116c700d28da5075dc42467ceeba033a4b2963f554e0046d4e89ba3997be95c07049da98fbb8bf92897b2702500151aaad67f9c13b1

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\compstat.dll

Filesize
48KB

MD5
b77db4ec74ac642f96413662c756d53a

SHA1
39fd6c75e01bcfb1cc38e4df7abdbc466b77f023

SHA256
85f9342f2455ce78d2b469cf7ee352cc907a62dcaa6a4f5a9f9bf79ea4fbedb3

SHA512
81b505c47a844a88808220f8eb376ab344ab8f1a9921a72e1068a0556af07227836d642f40b86ec9e7ecc7d67a60155c8990b9c6be573c96dc88379127b0e4c2

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\confdesk2.DLL

Filesize
37.2MB

MD5
4cb7c2348f793c970a02fc44a5cf7073

SHA1
b38c284c676ff95f5d9f98e5e1c84bd0634c2f6f

SHA256
db49c20b79a5a4ee062d7b5b2d08a5de621a6692fd08020daa6dc77872c36a6a

SHA512
406014ee550ac363b7d67bf276a3ccddc850cd8659ebaf04b25a476621066cf38c0db2819195fd20716cea59fdaaecd9508174593316da8af3ff927ece44c0c0

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\config\schema\ASPNET_schema.xml

Filesize
42KB

MD5
e468ce6283abe72dcf36e980fefab6c4

SHA1
33d77474d216887fa75134031f258e86cbead4a9

SHA256
22ce0db2574edc4ffc579f9027ed0b9e48bd94123957c4aa7138540f6a367bf5

SHA512
2d25698168751f75e7f440f72490ef39dc9863a678c1465b64b3460778c663fb563264e957e3a05179811d61e1f82ffe34091275bc56609c5e5bc911754a31dc

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\config\schema\FX_schema.xml

Filesize
26KB

MD5
69e6ad72be2fe58d35a75db456d03737

SHA1
5923f931d77e4a818f8193c57903171a011cb7b0

SHA256
211300dd0b6322b721ad72e5d46a83c14ab2335fd6822d70ced9da24f9fa4846

SHA512
e04fef25696e3d03e330901556d26997882b3b1c6e47eeb3953a456e1949176d77f04ba9740c1893e2fdfc3f53f4e3259e594ba4fce8f66f543ad7826b3d30b8

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\config\schema\IIS_schema.xml

Filesize
89KB

MD5
c633f4c86558a29d803e7682031fa304

SHA1
0d251d198a706cce48c338e49c08746bbbbb8fa4

SHA256
4b1b02de1d2bb8717e17adcbecfdc029d755363f785246b4cd983f5a5bb52675

SHA512
cf2b54f45269fcf637624038319a982b306e97fedffcd143834a1d4336b58a003fc6a9b0b11c91968bdc8c5288f843108faf83e5e265a33751d7b9e2c350af87

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\config\schema\WebDAV_schema.xml

Filesize
4KB

MD5
9f2078825a10833c33f8bd0c6f035f7a

SHA1
853c51d878659140ba71a324dda719a100f1ebaa

SHA256
a2789da1810a55df00ce874df17512caaa80ed9803c8ec1bdc31e010d5c9fc61

SHA512
4214c47663214fb9286dab3bce85e7123f82036a0021c4818499ea7b211ed6b0d8f30cd4204924bff6242fe52e0700db970c267a92a3403e18bf210af8e2c3b0

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\config\schema\dbmanager_schema.xml

Filesize
874B

MD5
d985e179e02448516762fb4331a38c33

SHA1
6e8988adce6673e31cc288abc3deb15538038a01

SHA256
1c04b2ad43e91dfcaa7feb4e1b6532e466df077fd040c5d8d4e3203a701c17f1

SHA512
ef1cabd2021323d479b0090157880d94a1456d6f9f2393b522ec8fca154f84dae7897115686cc207d13689a58d889b48b9cff1cbdaeb8c34bc5032564711fba7

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\config\schema\rewrite_schema.xml

Filesize
14KB

MD5
d4683086840df32aa286eb14d593a995

SHA1
bcacd5093beec7238c6489d08973094833a3e181

SHA256
82d771e3325fc799a6eca926b4863c1335480f4acf1903d66ae674b6da4db441

SHA512
b901d488d52ec12c365cd723f51b0b466b80cae1f0b357a545b31fecbf3c4b4fc46c5576ea3a9507920c5b38e11fff2ac3a4df3fcbf8f00b4f8d2de7634c7e20

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\config\schema\rscaext.xml

Filesize
8KB

MD5
0e079e0aee2da4eba745e52ef9554064

SHA1
4a200047b1d4ebb85cb75132764ac2f07d9ef077

SHA256
c8a66ca88845de3f73196bf22f88c1e3b68c05b6e3e6972caa682af2df557275

SHA512
55e16a37b4bf6996e49e596a2d3f0c7392c96750add102b62982631cb63ba205036a5e6d51bb0434c7487587bccf50d4dc60467ea19fe81422c6fdd5e3fb33a9

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\config\templates\personalwebserver\applicationhost.config

Filesize
82KB

MD5
ccd508e4e9eeda72ae6ce58e45883e50

SHA1
e1b96c03af99ca61bfd648574c84c34736cdb21d

SHA256
7fcd5dc6268e03315ccb408e0332b99b4f09e0143c18d2914547dc4b5ad9f3c4

SHA512
8f1e140e8ba20bd817acfd56255e1011aada630ba5cacdea95c3db32114bc342c462f0778de3cacd663d717feeb31a9653f97d22aa93f2ca8b37f8f908e138eb

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\config\templates\personalwebserver\aspnet.config

Filesize
1KB

MD5
494066d0a081130639ae0ad93870eee8

SHA1
1ae55a49d67c50991c91a7bee074f422300d0d07

SHA256
3145ba33cbfd51fb664f59e5ff413b9eccfd06c25a94c6edd3ce94edfbd1a96b

SHA512
abab23e585bcf8f04fa0d5caa6fc614e93a492f12dc72354b00eb75f83209a1af601aaca6ab50c88cf9464354a37eadb47f2a27dfb64c64fcad5335d4a1532f7

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\config\templates\personalwebserver\redirection.config

Filesize
490B

MD5
fae8b31a62ac2e5b4a6fca5c368708f9

SHA1
3cea4149792664996ab29775df57d9666ed3a0b9

SHA256
fc14cf7ed10df61cd9e94d530796b9c6e5f89b09ac977f42a2a496950a3da6db

SHA512
189a3a83fe3560d5b24a8cbe5196450afd66aff19650f1739fc5f60e19b4e3f9034ec80700f707cbda6620f1953b4d112a38a5affef41d07a2b50b190cb93e3f

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\defdoc.dll

Filesize
25KB

MD5
a331cbbfbeb2ca7ac8cbfd48c8139d13

SHA1
1a0ae70fd4bfeed1400b94e19c4f600d36c174f2

SHA256
e5f9edddee56b329bd1112a70e8094ade00f674522e7f9eaed9f669792f59ec1

SHA512
13866f41d2b0e49ac5284346b712abcefd0bd700994a46e93e317d4690151de56bd663120a9a7f216487bdeef89a6d51ae1aedd5e27a6f4e0b096f2b2445597d

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\en-US\iisexpress.exe.mui

Filesize
17KB

MD5
8d8268f2fc0b94c76e51c57818bfb4ad

SHA1
feb9363a69d53c9409b4672a5ee0af09d7347451

SHA256
e2dd759992ee3246aa3fba2d5e71f5f0f660f6da95c1e55fc61454a3ea63e4b4

SHA512
1f29f83d8204f8060c6c8f727c3fd2d3400e13f9cc3af2464dd021770e2f8691cbb1db14b96f01843e4ec6ea9a7c1d34d56515cc578380159ff3390f9ec1f2ec

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\hwebcore.dll

Filesize
23KB

MD5
7e3959b29cf3d915745af66a32b8b1ce

SHA1
b3ed8a6ece2c49b634a58b8bde755c196b04fbff

SHA256
0f987e5608b7d2f4b0e4fed8b03dd345e27e95fab88ef8e2ca586e1062c55dbc

SHA512
3be6b59ba8ecd112c22615981d36a2ee461c067e45ed5693f5aa7a03ba12aa41389dcca906c48f8a668e750f4be4c50619d996d5ecde3e420d0223fc52681d21

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\iiscore.dll

Filesize
232KB

MD5
0e3ace6da2b3cc161c08702e2acfc73c

SHA1
23c34d816e2573cec877d90d7c42504b1c78eb6d

SHA256
bace10b8f5e1ae01b7ab0e95211a7b2a8322d441015b535b988123239883033d

SHA512
782a23bbf0da9e54b6fb68e04597e836a82832722865b2b7463a072a00e699426945b6d9d232946788395406b157e9f1f6f57e4703b4caca066f07966f07cea0

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\iisexpress.exe

Filesize
156KB

MD5
c6629a331f79f47d03eab2fd816ef978

SHA1
7a77327386ede5e4a24b6a11105472e6b28c70f0

SHA256
b7c291c39b4737b68bcb049d7daa64495d7d03ae25cbe77e6737ba23a94e40eb

SHA512
62d634c1519d583752a9accc905c071f62a776de53a54cbb866fee1e17c189e6772ed596eece8282441e8a4fe27e56544a301f8c6a5d806cc89989a6eaebd4f8

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\iisnetwork.dll

Filesize
13KB

MD5
39237ff00da0d88fd065f3df0b3f28de

SHA1
27344c0eec81678fb1b59bbc339449e1dd39dcce

SHA256
9a0811f995e975b7783b842818a595ae0c5b2462d09894255691291513c3ef82

SHA512
61a83a97124703d1132b2f730468cdf1e94febbc51e26bb9e7cec15dd6d372a4a343e379d1061f88fcf2f6c2811cb74880ccf91516c75b40b00833dc07e70e54

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\loghttp.dll

Filesize
36KB

MD5
1fc9bbe5dece63d2a1257aaf36a5dd44

SHA1
8f4b4afd8792c2f3cf1deeb5a580067dc7e933b6

SHA256
d30044ad6b7e0da8ac26eac621ca1aa1d05a4fb1444901b47d7eb6c37d4ca64b

SHA512
e9a19847711a64209a5c99dc5e57acaba346141f7d4fe31567d6d09b186824e2a3115c68ccefc3b3069e6b34dbe68f1908f9c587af01020e62ff9f83de205593

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\msvcp140.dll

Filesize
424KB

MD5
a1f7dafae09c45a40a57e32c0ae4ad8a

SHA1
e0cbdce0f806d3784d7dd4cb8dc738969a1803bb

SHA256
c4c120a7770537bc50f0c9f6705d8ddd5111461427deaedf6c380da3feb08660

SHA512
46d382a13982568ba4f843ca3b5aedbabe237824bd55379af6230a08db19f8d08fcd45617f1f084f4dabc965a1fef1cbe0a535dd47a58f64ec19f298cc41e113

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\nativrd2.dll

Filesize
387KB

MD5
e75e12599eee72de1199fb8b5763bedb

SHA1
34b65a2c8b9e2d0273629ddd33303850cf138097

SHA256
20f041fff889ac502dc8fa11bdf60d9e77cc7b53e102f9a304aba38a7711f5b3

SHA512
7cfdac6379e72a8150c64d9e2b113e297cfed1dd357e0d0691fa39fc5bb341a21c9acd6b84304c71c22f77a9723193702d28b9cb4f3d55d314f330a24c337eae

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\rtinfo.dll

Filesize
22KB

MD5
b30665bdfd7150551f93cfbbb0b99860

SHA1
1790ab5339d5f5201933fcce4571c8fcf42ff0a0

SHA256
a5d23937a7d7af6d250dcd7ed8646c9cd984e0edf9100293cbe915708b64f37a

SHA512
15bffe5f72ac65cc76ab9adef023af9cbf676531f43d44dc2020bff4252ef83dddb46698949802ddf3b671340f7f187f862a92442ead7c461633d17f93fb9a1c

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\vcruntime140.dll

Filesize
72KB

MD5
e47cfc21a245e3da0cafe1471019785c

SHA1
f6da6c9ba70b928dd2e493187caff2e68216b12a

SHA256
4f279bb654916085037e584d9af6cb3027c146129ec5c62ea78c82f8cf6756b2

SHA512
d450a3e984971ac1dad241d7d39045057de70821fcfea88995dafd223d3e561eb5a3d8fd9cc8b1c97eb3e173cb6ee6fb8eafd1ffd06575bdba77c804c53c474a

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\w3dt.dll

Filesize
52KB

MD5
1b75e03ff0490696d8719ee7c0452a08

SHA1
8f9eeebee57d893ece96108ede547a8247c7364e

SHA256
6a6864cf05f724d423fa44d4a300289f82803e4745a4f724b829cf5ca1a011e6

SHA512
d41b848515b30c77c631e0922d00c178aa32a12a43841885e39688d07061a7d7c3b11c6fcb916f2b3892e9131f17c1b2d8b6324075d3d1f8e019b9676af710d7

Download Submit
C:\Users\Admin\AppData\Roaming\Plex, Inc\Plex Media Server DLNA\w3wphost.dll

Filesize
76KB

MD5
ad451ecb7126c41c905bfbb5d8aa56e0

SHA1
e3c763e272b7c4294b5bdc09e7df82d3bdd0d249

SHA256
19b769ece6d20bab650ef4477f8254a2cdd643f10debf1352ad15196c9548a0e

SHA512
12e24b0d3c22215df2be17d477c0e22b64a039b7ce95a170f68dd1d7e323597d9583c379c8dfcee669b204fd1054cf6249781c0ae48d2075849b8e364e3eb213

Download Submit
C:\Windows\Installer\MSI8C90.tmp

Filesize
398KB

MD5
17176a775551160962b2c022fe61b616

SHA1
12ad6b0cfa2643bfaa95f02a2a948cae746aa8ec

SHA256
a0f2f672e3599f49418d54e2a54946d49c63463254540ab2c7968022b65daeae

SHA512
7caf1af37c82d45889e433ed98514ad7fc330515c6263956869bc93c3e38f8fc9ab9ff8f7f3e85570566f0e0166eb5328c478aaab7d0057f08abef23bb2eadcb

Download Submit