bdaejec | 161b5a9456c3bdbe892fffec5293d0b44c6dbe34e120e32d06f9d209912a22bf

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2024 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
Size

1.2MB
MD5

9554b1bd8310387ca2622f7b2f19a3fc
SHA1

5252a01bf06ee27f83e2f1cda4472bba740181c3
SHA256

161b5a9456c3bdbe892fffec5293d0b44c6dbe34e120e32d06f9d209912a22bf
SHA512

16f38ef7866fdbd69d9a72da9c4a4af57e535b8b609955dd1ff05582313084e0a2ee7f1add135fd3e2f3b01e4a0d7a8bb49e1faca5fc02525b066b3f97f6e655
SSDEEP

24576:Bvt509XOA2NMW8NJiJ9A99JK45yWl8pHu1FxU5A2qH:BvY9XORNMW8NYJejJLzIu1FxZ2y

Score

10^/10

bdaejec aspackv2 backdoor discovery

Malware Config

Extracted

Family

bdaejec

ddos.dnsnb8.net

Signatures

Bdaejec
Bdaejec is a backdoor written in C++.
backdoor bdaejec
Bdaejec family
bdaejec

Detects Bdaejec Backdoor. 1 IoCs

Bdaejec is backdoor written in C++.

resource	yara_rule
behavioral2/memory/3608-416-0x0000000000950000-0x0000000000959000-memory.dmp	family_bdaejec_backdoor

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x000a000000023c1e-3.dat	aspack_v212_v242

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	yBb.exe

Executes dropped EXE 1 IoCs

pid	Process
3608	yBb.exe

Loads dropped DLL 50 IoCs

pid	Process
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	yBb.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE	yBb.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOICONS.EXE	yBb.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\VPREVIEW.EXE	yBb.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	yBb.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	yBb.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe	yBb.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\msoev.exe	yBb.exe
File opened for modification	C:\Program Files\Windows Photo Viewer\ImagingDevices.exe	yBb.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\codecpacks.VP9.exe	yBb.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.50.6001.0_x64__8wekyb3d8bbwe\XboxIdp.exe	yBb.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	yBb.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	yBb.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	yBb.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	yBb.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	yBb.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdate.exe	yBb.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSQRY32.EXE	yBb.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe	yBb.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	yBb.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	yBb.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	yBb.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteshare.exe	yBb.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateComRegisterShell64.exe	yBb.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	yBb.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	yBb.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	yBb.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstaller.exe	yBb.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Calculator.exe	yBb.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe	yBb.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	yBb.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe	yBb.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Wordconv.exe	yBb.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	yBb.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	yBb.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\AppVLP.exe	yBb.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe	yBb.exe
File opened for modification	C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe	yBb.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\MixedRealityPortal.exe	yBb.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe	yBb.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	yBb.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe	yBb.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	yBb.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\unpack200.exe	yBb.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Solitaire.exe	yBb.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe	yBb.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	yBb.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe	yBb.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	yBb.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	yBb.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe	yBb.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	yBb.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	yBb.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	yBb.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe	yBb.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Microsoft.WebMediaExtensions.exe	yBb.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Time.exe	yBb.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateOnDemand.exe	yBb.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	yBb.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	yBb.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\FLTLDR.EXE	yBb.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Microsoft.MicrosoftSolitaireCollection.exe	yBb.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\SoundRec.exe	yBb.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\123.0.6312.123\chrome_installer.exe	yBb.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	yBb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3808 wrote to memory of 3608	3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe	82
PID 3808 wrote to memory of 3608	3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe	82
PID 3808 wrote to memory of 3608	3808	2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe	82
PID 3608 wrote to memory of 3664	3608	yBb.exe	84
PID 3608 wrote to memory of 3664	3608	yBb.exe	84
PID 3608 wrote to memory of 3664	3608	yBb.exe	84

C:\Users\Admin\AppData\Local\Temp\2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-26_9554b1bd8310387ca2622f7b2f19a3fc_mafia_wapomi.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3808
- C:\Users\Admin\AppData\Local\Temp\yBb.exe
  C:\Users\Admin\AppData\Local\Temp\yBb.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3608
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\729b69bf.bat" "
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FQRZN8O7\k2[1].rar

Filesize
4B

MD5
d3b07384d113edec49eaa6238ad5ff00

SHA1
f1d2d2f924e986ac86fdf7b36c94bcdf32beec15

SHA256
b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c

SHA512
0cf9180a764aba863a67b6d72f0918bc131c6772642cb2dce5a34f0a702f9470ddc2bf125c12198b1995c233c34b4afd346c54a2334c350a948a51b6e8b4e6b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\113B484A.exe

Filesize
4B

MD5
20879c987e2f9a916e578386d499f629

SHA1
c7b33ddcc42361fdb847036fc07e880b81935d5d

SHA256
9f2981a7cc4d40a2a409dc895de64253acd819d7c0011c8e80b86fe899464e31

SHA512
bcdde1625364dd6dd143b45bdcec8d59cf8982aff33790d390b839f3869e0e815684568b14b555a596d616252aeeaa98dac2e6e551c9095ea11a575ff25ff84f

Download Submit
C:\Users\Admin\AppData\Local\Temp\729b69bf.bat

Filesize
181B

MD5
93b0f8b6d3ab5590b27efdb26ae21716

SHA1
d804db2573ffa00c9745e1366ca88b3bf1f8c715

SHA256
d70404aec607874afa16036b511310064ec9a4d2d15ddb356548e17df5f4d5d7

SHA512
22bf66fbb3dc836ba630bcb59c678e4e5598b4d13fad13adccb9c79d2ed1ac34c845e557c2b60e1a3559c041b402745c3729add81ff4b4849207d62579aefd0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIFAFB8.tmp\ar-SA\IntelCommon.dll

Filesize
12KB

MD5
d14b422803e3f5975054fb1f5508264c

SHA1
d5dc8950650149ec87ec643a6d1031f1c723d64e

SHA256
61412c4d960a1d48d7e7b27ce756db29ac2bd3c1d71de375553b0d4c111b10ae

SHA512
ff9e52d356b173ab7b204e51d75d7e420a9aba1def4df172fbbfdef44e665b217ad366556e3d05958054d3432dd55e1311783999ea5453163e695f0420cc3e3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIFAFB8.tmp\cs-CZ\IntelCommon.dll

Filesize
13KB

MD5
4385da8b81c7ad2ad4c455e7658342a6

SHA1
6dccb663ae44ef793e3ca0592150031c0fd49a05

SHA256
8c22b9369c8f440a474d9abf2b466c2d46d097c902ef6b6261c3a9fdfb73d5a4

SHA512
a59b71f46c7687ebbf018a27f7cf2def97bfda5f8ff936bdb2d49fe0496ab0fda35788b8076b409589c4c4e76ec66dd83b681b2f1522022e16903dd1648eeb90

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIFAFB8.tmp\da-DK\IntelCommon.dll

Filesize
13KB

MD5
a4d0f72f4317851580ffd2cb409696e5

SHA1
07a60096bcab6589a8ba69bca7c82c331dff15d7

SHA256
79d4c2d12b81f103c4b73d5a40c353154b37d7291485de0e9e0a9f39d28deb3f

SHA512
750a56fa7641dd0bac0154199b0420a3e672a9d6447f0227d5bd2f5b4d8c73d0e193040066e6ae160661cefca3cc6e1707e1aa3ccd342e72836d8f1b0888ac83

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIFAFB8.tmp\de-DE\IntelCommon.dll

Filesize
14KB

MD5
4658cc2f74a6c21f8fd70c7f720669c9

SHA1
5e1d882d78a393051afea79ed5d3333266f93fc0

SHA256
e2c574ae026136b984c8f6cd3d01c3cc59dc1ef12a4d6e825930dad0c591bc2d

SHA512
006226c744a46b45200ba4219aa83844d786214c2898f94966693409f502a2f24cf0f3bed04feb3a49ad4013dbe3acf2534373631babdb0640f7b6e605045ed7

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIFAFB8.tmp\el-GR\IntelCommon.dll

Filesize
15KB

MD5
0ff0c5ad0782382eab28349076d50ec2

SHA1
40bb123e4200cadeb66ec1d0616abd1a595deea6

SHA256
3c8f5ee456912f9e669c8969ef39fc21383fc0d37495bc37f75e663035bdf94b

SHA512
f773ec836ed8c7c3f8a6166d4273738313130bd023ffc02042ebb351c65129cb61fe4a8edc4fabac394041e09e2736ddf7304fafa10979b472b07659f9901460

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIFAFB8.tmp\en-US\IntelCommon.dll

Filesize
13KB

MD5
58910aa05b681654f9f8845bce95ddf8

SHA1
65dc55b16489d5b50c13e54c38cb1ffb96caa3b3

SHA256
4e35b772f1b9db0d0aee90d666005b66089f70cf907d1ba0a748101f1add7467

SHA512
86f2fba4fb44030897da508507b76327410efd541deee9f0dcce0fc95105d1178f346a972101fd6a39dd595336c6389c641ffe519e1cc925559d7abea418ee5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIFAFB8.tmp\es-ES\IntelCommon.dll

Filesize
14KB

MD5
0dbe9ffb70ee92cfe9c1c6ba8eaa2141

SHA1
fae0203cab2bebb02837ad3173ae5295a208b5e5

SHA256
ec5b23920cdd4d88b39013d2d98a39022b3ec82b7a8ca4530cfbe4fdf5b9c49e

SHA512
49e87d871d91c48890639698b94112984f8c5b6f4b9e924b8abe0972dbafbf57d66044923f93b33c0685f5a9db42e1b76bdfb12f430547e0ad80e6471b2ab984

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIFAFB8.tmp\fi-FI\IntelCommon.dll

Filesize
13KB

MD5
5b38592c724a5e72d87990efce29fd23

SHA1
dff56f792bcea6f914f03ef0a4abab9bc5c6a7dc

SHA256
94983069f88d7e0d1d26872adf7d91aa32811947591ab4cddae0213dbda9433e

SHA512
df3b40672db153a042d6ec0506c4788a273194cae07356ce565d3449166c5cfcf67952fde3da27c742f5aeab9108fd92f41fc8f6fc6dc4829d292352d9494c5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIFAFB8.tmp\fr-FR\IntelCommon.dll

Filesize
15KB

MD5
fcefb428ce12daad86ac90993a2a7dd8

SHA1
49e535865ab8c26007dc6ecd15ad5133e54dd054

SHA256
c89a988e49d346509dd8531f9888ead6ddf28f9ebed0d96faf91205dec04a887

SHA512
1cb564df378d2e9a94a1c43231b2c2f0c98e698c43f03ad82eba372a0514e4363edd6d92b6cd4d5984aee230b3496145c16b54c7c1dfd21d829199a161da8a83

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIFAFB8.tmp\he-IL\IntelCommon.dll

Filesize
11KB

MD5
f5d43290fbd4a2da0bd14b2d93c9a963

SHA1
3188281bd12f89b02bd33747f0a67f4a493a2856

SHA256
b83c5b9adc55a15f46cd150f92d868dfba7feaba2abc1bdffdd3f3019e19ea67

SHA512
6d41294618518f0730ef36a3f16c7b798b470d2a0e6969e031c954471e8d0c5bd8e956c197d9176c09cad8730f2710769c5d6ceb7314d362eac955f9f3a76fff

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIFAFB8.tmp\hu-HU\IntelCommon.dll

Filesize
14KB

MD5
b8512dd657fc422f90e2c0d9ad3b63d1

SHA1
348cba7698120f58520c5392d19a120662ac6c19

SHA256
a10665e6d54cbc5219f0ccc5794ce3e11e3bc2fac3171b5f07a59405099a8773

SHA512
66e8a2a30b8ba27ba9aef953a53dfad80ad5f0401eb7255bac50114c88d47a15083285a2fb221b2d5ec929e4457ab95b7787466a2650c64fe3858cfb6c302fdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIFAFB8.tmp\it-IT\IntelCommon.dll

Filesize
14KB

MD5
d2260f12a8a5d5f37cea9b69f40f471f

SHA1
2e0bcae5538fa26a26a4552045025fd4677896ff

SHA256
2311e7a2811cca154dc723925708d7980a729a446aa02496b84a1eb7f1609738

SHA512
6f051273d5fbf1411af76c718bdf9dbe793b890e9145b87f9f5562daa27c701355c79bec9b4868e5bcf3ab95ddf15aefe4bc54d6bbef4514c7fff282f951f01c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIFAFB8.tmp\ja-JP\IntelCommon.dll

Filesize
10KB

MD5
a08d1e79297ca62a1dcc00ad3c45688e

SHA1
f956846a64954555339db45ab0d7edb0a797f98d

SHA256
844727deac51c9daa08f7831ab60de68f7460b8c04817cef43069514750a8505

SHA512
1165f426c609b3266b526665800ff1ab49f04887bb96bbfc841973ceabd858ee2ec9c2332ee3d1cd8574f7706c79ec5902abcacc37ac7d91177e8eee3761d70d

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIFAFB8.tmp\ko-KR\IntelCommon.dll

Filesize
9KB

MD5
9a12717e093044758d3a93f3886e940f

SHA1
69c1bee4144ddff0d86a4ffe2cbb32ae601bd0a7

SHA256
3b8b98b9af4c67d38efcce8dfa0fdb7d97e8434cfe06b31f96d4fccc2576a9c3

SHA512
5bc75871c3c8d9fbc783cfa18a9a827deb4853bec3345afa7f2a6820f218e4a73a20896882d66481271f48d52f9834e48a099de650d61237cf03e28462c78bdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIFAFB8.tmp\nb-NO\IntelCommon.dll

Filesize
13KB

MD5
23f4981b0186581f43683b3099d0c75d

SHA1
d40aac72b7a52c25537c3eaa4eb53fd58aa96667

SHA256
a9f90da2fcd35521b2cebc968c54eeed69da1bbaad3900ed80f6b41324e1417b

SHA512
5520f8b9ea642c5209d44d77bcae0f63e264496f3fdb6f0c8c5b7737a409de803080663092a877d9b272db5438a89355f129b7b5664c80545cab14ecc3f37354

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIFAFB8.tmp\nl-NL\IntelCommon.dll

Filesize
14KB

MD5
07019c6cf08c17695a80077b945b7269

SHA1
f317566c8b2bffd8c2cbbe15eb10907960d20031

SHA256
bffa2b853fb25f4905ea25bba4ed63aebe2e33ca2b6a195f4e3f81a3cee264eb

SHA512
da078d2a157e09af586f66bba3a2258519ebe5d9c82ce03fac5b86657171757852dce776c94138fc3bf43f0a911e4fff2587ab217d0a8ab010f793bbcb4d2d1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIFAFB8.tmp\pl-PL\IntelCommon.dll

Filesize
14KB

MD5
7ab7e6c42dbcabe8e6aba062d34ae0b9

SHA1
3797603d20ac972916edf4504159ab3d54b674d6

SHA256
b66f0d8b0031bbdd9b17cbf6d325396281354406190a741a6a353a3fad644975

SHA512
03ed0c08835af1118ff9aade0e293ea326489caa48962e51c5d0b5a96bd8fec94a8ffdc01cf18f3b071a3957981bd5b4a70d2bd640060e513227b05452856f72

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIFAFB8.tmp\pt-BR\IntelCommon.dll

Filesize
14KB

MD5
12d4e0c79a907129cf72b30bddf9da04

SHA1
f77eececfa10a29a5156e8e3deb8fe6bb8f0fc5c

SHA256
71318363ee8bee5264eb9b7798c007944abfb3c320e96afa40404e9a33a7c89f

SHA512
c3a51c0a99ef27dfc9478b8b567e124de13da9f6cc5db8e7ce4367fb0b46e294573db2240ec26e6d2fcc41e7605a02b4d38e5343e74162dab4b250873288b13d

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIFAFB8.tmp\pt-PT\IntelCommon.dll

Filesize
14KB

MD5
8fbe6456820d952c43d22cdc854e44f8

SHA1
f9dd0c8ebb33f97e7fada4e3bbb0fdaf0b53d6e5

SHA256
1e93d7edff843854741eb93c9b2c52792ba6cc133692afbdc8e894a6d51ae84c

SHA512
b5674115b6755ec855564b7c91bb9d9a23510ef4e6ce537537fa334343fbaebbef44e0151eee766895d269bfb70a9acba9d0efbb5850a43715371801667dc66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIFAFB8.tmp\ru-RU\IntelCommon.dll

Filesize
13KB

MD5
ea387e6ce9d2b6980977b5149af80fe4

SHA1
223a22e148ce5a09aec19d4f8ade45e934e537cb

SHA256
75cfc99c9af161e5049f97b3783c906b34a13470544c22fb2435367b1c38209e

SHA512
8e74165789d93c47b9e3a8b2f2caa1da8a3454682a435fb9e8f33a2ce419aa8412925c296eb45f42ddeff975716d87162dae4e3123d363a4f0ce7f5196adb2d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIFAFB8.tmp\sv-SE\IntelCommon.dll

Filesize
13KB

MD5
e845328d501dee795253da63b65ef726

SHA1
63f34827dfa86c1c9471be9c3b9a451ea9f20607

SHA256
fb27ec1044dce6256c0782d8df2ddf21557604dc14f7e428455a727ea7af746b

SHA512
5bcb80eebff9606db6da1551220ec996f71f881e219e8b27ce8f414e323ec5139337808f30fa5ed3b35c253f3932bb95106c3e7b663a58687e91c8d784469da4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIFAFB8.tmp\th-TH\IntelCommon.dll

Filesize
12KB

MD5
8f5ce4eefe667cd884a10181a97e8d1f

SHA1
2be6239f5c9177db4320d46753e64ff877a2f0f0

SHA256
55553ad17868d3bd51b627b77c4b2c2832bcc558f8555b77de06534c22c4e164

SHA512
ed77b3a75a8e019b27e0eafa409419cdabf7f1b992cceca9cdbded6ffa9cdfce60c58a3cfdadc82115138179c446d50adc335d69dd9ba43a8782f9cdc69500d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIFAFB8.tmp\tr-TR\IntelCommon.dll

Filesize
13KB

MD5
0baa06a05026a2af3e895c65f3b8eaac

SHA1
a1c649c0d25f53500fc12ef47b89b2827bacfe80

SHA256
4b3638de537067970e3df240a9717471114b2134ebc3f4540389d982f48b9af2

SHA512
b41f1d9df5a0f8c6f0508249b6159ca2a20099622e67aa0452ef80b3952ab91ef89971ed32ddf8247d24e1f84117b9dc59dd04e768e6f60c981312e0807c8a8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIFAFB8.tmp\zh-CN\IntelCommon.dll

Filesize
8KB

MD5
ddb98731bff79ffb5cefba58a0c64926

SHA1
2bc92c1f5265bcd0d88b0ea4561988656dfa0537

SHA256
093f7a0f5f721fd68724cc17b8d307252b4b2d6ff841d6733e5c91ffdecdafe1

SHA512
dce39698c345e34f49be6e34d548035916cd0d9a854601efcd31d6a51aa477b6ff7044dcb5b1084a123ab0bee0d89d6867899de15c7c871c0e1cb6201091a8a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIFAFB8.tmp\zh-TW\IntelCommon.dll

Filesize
8KB

MD5
a54080759bd182e3b5b3716443d523ab

SHA1
7935dacd57509aa7e1c0c7f4f9f647ccd4b19cba

SHA256
8a83edd1fed8ed6bfa56c4b623446429222abc4ca85009c015cbc302d20771cc

SHA512
2f077eab31462f995d1c7f7c80117fb86f292da9a0836f5e45932dc93ffce9da6a9b7006c3cf4760345b78b94c3e3a2ea7ce7a00908a2b853ecddfc1220853fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\yBb.exe

Filesize
15KB

MD5
56b2c3810dba2e939a8bb9fa36d3cf96

SHA1
99ee31cd4b0d6a4b62779da36e0eeecdd80589fc

SHA256
4354970ccc7cd6bb16318f132c34f6a1b3d5c2ea7ff53e1c9271905527f2db07

SHA512
27812a9a034d7bd2ca73b337ae9e0b6dc79c38cfd1a2c6ac9d125d3cc8fa563c401a40d22155811d5054e5baa8cf8c8e7e03925f25fa856a9ba9dea708d15b4e

Download Submit
C:\Users\Admin\Intel\Logs\IntelRST.log

Filesize
1KB

MD5
b5c50aa23a46d1fd431549fcab080095

SHA1
1bef05d3a45ca5884e98608761244743e10225b0

SHA256
bc81472e4d367ba3e897f7aa4e88ae57a811022aba35c91642e4329e13658170

SHA512
47be7116ff43ca2875b86ad4fef652d664e370bc7b0b31e96f86734c8b234556b970819d3af904c36ad3c5abcc008b183c2fdf465a1a3ed609736e82d28d3833

Download Submit
C:\Users\Admin\Intel\Logs\IntelRST.log

Filesize
5KB

MD5
98a8e49605b38929797f79ba10a37403

SHA1
cd9853c62cebb01fe30a9e8e1f0770136282fcd7

SHA256
5d52fea520db84901202ec51421c639a7ba03e0ab1ecc2582fcf0ffa5d49a035

SHA512
7bb8d21f2ce6e160cb92a679cb67ee898729e798df3f9ad77392c1675159861bc887628e2bbdf4343e735523dd1dafde3c17e00daa854c3da2c30c9649b2a08b

Download Submit
memory/3608-4-0x0000000000950000-0x0000000000959000-memory.dmp

Filesize
36KB

Download
memory/3608-416-0x0000000000950000-0x0000000000959000-memory.dmp

Filesize
36KB

Download
memory/3808-0-0x00000000009B0000-0x0000000000AEB000-memory.dmp

Filesize
1.2MB

Download
memory/3808-646-0x00000000009B0000-0x0000000000AEB000-memory.dmp

Filesize
1.2MB

Download