Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    23-12-2024 23:15

General

  • Target

    beb4c0c6486545826c2ec5fa5ba44d02abeb20558e55f47c51366523cacdde27.exe

  • Size

    6.3MB

  • MD5

    6e5e1bac0fa5768a191bde698e4832a1

  • SHA1

    9182bc5888b5b64618521260b1aa1f0daecd236d

  • SHA256

    beb4c0c6486545826c2ec5fa5ba44d02abeb20558e55f47c51366523cacdde27

  • SHA512

    6ae6f422930c3d54bd88d86746d4e6027c280c3a3ceb5f22089512e8da10aad1cc1c7c1c1c524f67f490d332a452d039db88481e97a94d90cb75edf4db09094e

  • SSDEEP

    98304:FH7CgqLPRPYv7cZuwYx72XPo0+X86zVwE+F4mTE2h0ysdrPVX+wyDz0CQJX7n+EA:p+gqLKB2p/cwFFdQA0/P1y+x7Hz7hyys

Malware Config

Extracted

Family

cryptbot

C2

cempqe34.top

morbug03.top

Signatures

  • Babadeda

    Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

  • Babadeda Crypter 1 IoCs
  • Babadeda family
  • CryptBot

    CryptBot is a C++ stealer widely distributed in bundles with other software.

  • Cryptbot family
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 11 IoCs
  • Blocklisted process makes network request 2 IoCs
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 11 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 33 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\beb4c0c6486545826c2ec5fa5ba44d02abeb20558e55f47c51366523cacdde27.exe
    "C:\Users\Admin\AppData\Local\Temp\beb4c0c6486545826c2ec5fa5ba44d02abeb20558e55f47c51366523cacdde27.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2936
    • C:\Windows\SysWOW64\msiexec.exe
      "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\adv3.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\beb4c0c6486545826c2ec5fa5ba44d02abeb20558e55f47c51366523cacdde27.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1734736277 " AI_EUIMSI=""
      2⤵
      • Blocklisted process makes network request
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of FindShellTrayWindow
      PID:1460
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2636
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 7DFC471203D0F891DEA42056B7B686D4 C
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:624
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding B63CD0FC492EDFC0992224D70F85DF29
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:616
    • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center\MNS-Center.exe
      "C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center\MNS-Center.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious use of WriteProcessMemory
      PID:1016
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /c rd /s /q C:\Users\Admin\AppData\Local\Temp\QnatJcBxZ & timeout 4 & del /f /q "C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center\MNS-Center.exe"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2356
        • C:\Windows\SysWOW64\timeout.exe
          timeout 4
          4⤵
          • System Location Discovery: System Language Discovery
          • Delays execution with timeout.exe
          PID:1816

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Config.Msi\f76cb7d.rbs

    Filesize

    24KB

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\Local\Temp\CabC718.tmp

    Filesize

    70KB

  • C:\Users\Admin\AppData\Local\Temp\MSIC8BC.tmp

    Filesize

    391KB

  • C:\Users\Admin\AppData\Local\Temp\MSIC968.tmp

    Filesize

    864KB

  • C:\Users\Admin\AppData\Local\Temp\TarC72B.tmp

    Filesize

    181KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\MNS-Center.exe

    Filesize

    5.0MB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\Microsoft.Win32.Primitives.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\README.txt

    Filesize

    8KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.AppContext.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.Collections.Concurrent.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.Collections.NonGeneric.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.Collections.Specialized.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.Collections.dll

    Filesize

    21KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.ComponentModel.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.Console.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.Data.Common.dll

    Filesize

    150KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.Diagnostics.Debug.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.Diagnostics.FileVersionInfo.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.Diagnostics.TextWriterTraceListener.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.Diagnostics.Tools.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.Diagnostics.Tracing.dll

    Filesize

    30KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.Drawing.Primitives.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.Globalization.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.IO.Compression.ZipFile.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.IO.FileSystem.DriveInfo.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.IO.FileSystem.Primitives.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.IO.FileSystem.Watcher.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.IO.FileSystem.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.IO.IsolatedStorage.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.IO.MemoryMappedFiles.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.IO.Pipes.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.IO.UnmanagedMemoryStream.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.IO.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.Linq.Parallel.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.Linq.Queryable.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.Linq.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.Net.NameResolution.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.Net.Ping.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.Net.Requests.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.Net.Security.dll

    Filesize

    21KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.Net.WebHeaderCollection.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.Net.WebSockets.Client.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\System.Net.WebSockets.dll

    Filesize

    20KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\Warden.dll

    Filesize

    49KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\WindowsInput.pdb

    Filesize

    45KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\ZetaLongPaths.dll

    Filesize

    61KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\adv3.msi

    Filesize

    2.1MB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\gdf

    Filesize

    521KB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\librsvg-2-1.dll

    Filesize

    2.3MB

  • C:\Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\C3EA3E0\netstandard.dll

    Filesize

    96KB

  • \Users\Admin\AppData\Roaming\NGSoftware Pty Ltd\Argus Center 1.0.2.2\install\decoder.dll

    Filesize

    202KB

  • \Windows\Installer\MSICDD2.tmp

    Filesize

    569KB

  • memory/1016-523-0x00000000008D0000-0x0000000000DE0000-memory.dmp

    Filesize

    5.1MB

  • memory/1016-526-0x00000000008D0000-0x0000000000DE0000-memory.dmp

    Filesize

    5.1MB